============================================== ClamAV 0.99.4: unit_tests/test-suite.log ============================================== 2 of 7 tests failed. (6 tests were not run). .. contents:: :depth: 2 FAIL: check_clamav (exit: 1) ============================ Using test case timeout of 0 seconds set by user Running suite(s): cl_api cli jsnorm str regex disasm unique matchers htmlnorm bytecode 99%: Checks: 988, Failures: 2, Errors: 0 check_bytecode.c:127:F:arithmetic:test_inflate_jit:0: cli_bytecode_run failed, expected: 0, have: 28 check_bytecode.c:127:F:arithmetic:test_inflate_int:0: cli_bytecode_run failed, expected: 0, have: 28 NOTICE: Use the 'T' environment variable to adjust testcase timeout SKIP: check_unit_vg.sh (exit: 77) ================================= *** valgrind tests skipped by default, use 'make check VG=1' to activate FAIL: check1_clamscan.sh (exit: 42) =================================== LibClamAV debug: searching for unrar, user-searchpath: /usr/lib LibClamAV debug: unrar support loaded from /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/libclamav/.libs/libclamunrar_iface.so.7.1.1 libclamunrar_iface_so_7_1 LibClamAV debug: Initialized 0.99.4 engine LibClamAV debug: Initializing phishcheck module LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$ LibClamAV debug: Phishcheck module initialized LibClamAV debug: Bytecode initialized in interpreter mode LibClamAV debug: test-db/test.hdb loaded LibClamAV debug: Initializing engine->root[0] LibClamAV debug: Initialising AC pattern matcher of root[0] LibClamAV debug: cli_initroots: Initializing BM tables of root[0] LibClamAV debug: Initializing engine->root[1] LibClamAV debug: Initialising AC pattern matcher of root[1] LibClamAV debug: cli_initroots: Initializing BM tables of root[1] LibClamAV debug: Initializing engine->root[2] LibClamAV debug: Initialising AC pattern matcher of root[2] LibClamAV debug: Initializing engine->root[3] LibClamAV debug: Initialising AC pattern matcher of root[3] LibClamAV debug: Initializing engine->root[4] LibClamAV debug: Initialising AC pattern matcher of root[4] LibClamAV debug: Initializing engine->root[5] LibClamAV debug: Initialising AC pattern matcher of root[5] LibClamAV debug: Initializing engine->root[6] LibClamAV debug: Initialising AC pattern matcher of root[6] LibClamAV debug: Initializing engine->root[7] LibClamAV debug: Initialising AC pattern matcher of root[7] LibClamAV debug: Initializing engine->root[8] LibClamAV debug: Initialising AC pattern matcher of root[8] LibClamAV debug: Initializing engine->root[9] LibClamAV debug: Initialising AC pattern matcher of root[9] LibClamAV debug: Initializing engine->root[10] LibClamAV debug: Initialising AC pattern matcher of root[10] LibClamAV debug: Initializing engine->root[11] LibClamAV debug: Initialising AC pattern matcher of root[11] LibClamAV debug: Initializing engine->root[12] LibClamAV debug: Initialising AC pattern matcher of root[12] LibClamAV debug: Initializing engine->root[13] LibClamAV debug: Initialising AC pattern matcher of root[13] LibClamAV debug: Initializing engine->root[14] LibClamAV debug: Initialising AC pattern matcher of root[14] LibClamAV debug: Loaded 151 filetype definitions LibClamAV debug: Using filter for trie 0 LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 78 (reloff: 1, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 32 LibClamAV debug: Using filter for trie 1 LibClamAV debug: Matcher[1]: PE: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 LibClamAV debug: Matcher[2]: OLE2: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[3]: HTML: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Using filter for trie 4 LibClamAV debug: Matcher[4]: MAIL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[6]: ELF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Using filter for trie 7 LibClamAV debug: Matcher[7]: ASCII: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[10]: PDF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[11]: FLASH: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[12]: JAVA: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[13]: INTERNAL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[14]: OTHER: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Dynamic engine configuration settings: LibClamAV debug: -------------------------------------- LibClamAV debug: Module PE: On LibClamAV debug: * Submodule PARITE: On LibClamAV debug: * Submodule KRIZ: On LibClamAV debug: * Submodule MAGISTR: On LibClamAV debug: * Submodule POLIPOS: On LibClamAV debug: * Submodule MD5SECT: On LibClamAV debug: * Submodule UPX: On LibClamAV debug: * Submodule FSG: On LibClamAV debug: * Submodule SWIZZOR: ** Off ** LibClamAV debug: * Submodule PETITE: On LibClamAV debug: * Submodule PESPIN: On LibClamAV debug: * Submodule YC: On LibClamAV debug: * Submodule WWPACK: On LibClamAV debug: * Submodule NSPACK: On LibClamAV debug: * Submodule MEW: On LibClamAV debug: * Submodule UPACK: On LibClamAV debug: * Submodule ASPACK: On LibClamAV debug: * Submodule CATALOG: On LibClamAV debug: * Submodule CERTS: On LibClamAV debug: * Submodule MATCHICON: On LibClamAV debug: Module ELF: On LibClamAV debug: Module MACHO: On LibClamAV debug: Module ARCHIVE: On LibClamAV debug: * Submodule RAR: On LibClamAV debug: * Submodule ZIP: On LibClamAV debug: * Submodule GZIP: On LibClamAV debug: * Submodule BZIP: On LibClamAV debug: * Submodule ARJ: On LibClamAV debug: * Submodule SZDD: On LibClamAV debug: * Submodule CAB: On LibClamAV debug: * Submodule CHM: On LibClamAV debug: * Submodule OLE2: On LibClamAV debug: * Submodule TAR: On LibClamAV debug: * Submodule CPIO: On LibClamAV debug: * Submodule BINHEX: On LibClamAV debug: * Submodule SIS: On LibClamAV debug: * Submodule NSIS: On LibClamAV debug: * Submodule AUTOIT: On LibClamAV debug: * Submodule ISHIELD: On LibClamAV debug: * Submodule 7zip: On LibClamAV debug: * Submodule ISO9660: On LibClamAV debug: * Submodule DMG: On LibClamAV debug: * Submodule XAR: On LibClamAV debug: * Submodule HFSPLUS: On LibClamAV debug: * Submodule XZ: On LibClamAV debug: * Submodule PASSWD: On LibClamAV debug: * Submodule MBR: On LibClamAV debug: * Submodule GPT: On LibClamAV debug: * Submodule APM: On LibClamAV debug: Module DOCUMENT: On LibClamAV debug: * Submodule HTML: On LibClamAV debug: * Submodule RTF: On LibClamAV debug: * Submodule PDF: On LibClamAV debug: * Submodule SCRIPT: On LibClamAV debug: * Submodule HTMLSKIPRAW: On LibClamAV debug: * Submodule JSNORM: On LibClamAV debug: * Submodule SWF: On LibClamAV debug: * Submodule OOXML: On LibClamAV debug: * Submodule MSPML: On LibClamAV debug: * Submodule HWP: On LibClamAV debug: Module MAIL: On LibClamAV debug: * Submodule MBOX: On LibClamAV debug: * Submodule TNEF: On LibClamAV debug: Module OTHER: On LibClamAV debug: * Submodule UUENCODED: On LibClamAV debug: * Submodule SCRENC: On LibClamAV debug: * Submodule RIFF: On LibClamAV debug: * Submodule JPEG: On LibClamAV debug: * Submodule CRYPTFF: On LibClamAV debug: * Submodule DLP: On LibClamAV debug: * Submodule MYDOOMLOG: On LibClamAV debug: * Submodule PREFILTERING: On LibClamAV debug: * Submodule PDFNAMEOBJ: On LibClamAV debug: * Submodule PRTNINTXN: On LibClamAV debug: Module PHISHING On LibClamAV debug: * Submodule ENGINE: On LibClamAV debug: * Submodule ENTCONV: On LibClamAV debug: Module BYTECODE On LibClamAV debug: * Submodule INTERPRETER: On LibClamAV debug: * Submodule JIT X86: On LibClamAV debug: * Submodule JIT PPC: On LibClamAV debug: * Submodule JIT ARM: ** Off ** LibClamAV debug: Module STATS Off LibClamAV debug: Module PCRE On LibClamAV debug: * Submodule SUPPORT: On LibClamAV debug: * Submodule OPTIONS: On LibClamAV debug: * Submodule GLOBAL: On LibClamAV debug: pool memory used: 4.374 MB LibClamAV debug: No bytecodes loaded, not running builtin test LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 2bf6c8403b5b0a6ccdcfc7c7a434507c is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 6 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x400 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x5001 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x8000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x2000 0x2000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x600 0x600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x800 0x800 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .clam LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .aspack LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2000 0x2000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x1200 0x1200 LibClamAV debug: PointerToRawData: 0xc00 0xc00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 5 LibClamAV debug: Section name: .adata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x1e00 0x1e00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc01 (3073) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Aspack: unpacking block rva:2000 - sz:200 LibClamAV debug: Aspack: unpacking block rva:3058 - sz:1a8 LibClamAV debug: Aspack: unpacking block rva:4000 - sz:1000 LibClamAV debug: Aspack: successfully rebuilt LibClamAV debug: Aspack: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 4a4477a6d2d866b38806e9bfa5a6bb2e is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 16864 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 4a4477a6d2d866b38806e9bfa5a6bb2e:17408:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 2bf6c8403b5b0a6ccdcfc7c7a434507c:7680:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: c6ccf4ddbccbcaa01b441690a329d1b0 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 6112 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: c6ccf4ddbccbcaa01b441690a329d1b0:6656:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 6b39b93ff222f7b979337faae602c6cf is negative LibClamAV debug: in cli_peheader LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 12 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 2 LibClamAV debug: TimeDateStamp: Thu Jan 1 01:00:00 1970 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 0 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x0 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x63ff LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x7000 LibClamAV debug: SizeOfHeaders: 0x200 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: MEW LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x0 0x0 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: ÒuÛŠëÔ LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x418 0x418 LibClamAV debug: PointerToRawData: 0x200 0x200 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x5ff (1535) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: MEW: found MEW characteristics FFFF9D50 + 000063FF + 5 = 00000154 LibClamAV debug: MEW: Win9x compatibility was set! LibClamAV debug: MEW: ssize 00001000 dsize 00005000 offdiff: 0000001c LibClamAV debug: MEW: 1048 (00000418) bytes read LibClamAV debug: MEW unpacking section 0 (0x65ef0->0x60ec8) LibClamAV debug: MEW unpacking section 1 (0x65fc5->0x61ee4) LibClamAV debug: MEW unpacking section 2 (0x65fff->0x62f20) LibClamAV debug: MEW unpacking section 3 (0x66065->0x64d34) LibClamAV debug: MEW unpacking section 4 (0x661de->0x65e51) LibClamAV debug: MEW: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: eb55c7b07f6c22b7c09ea52a8eeaddec is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 17004 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 17004 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-b1afbbd79a619d1205829b988f110766.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: eb55c7b07f6c22b7c09ea52a8eeaddec:21504:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 6b39b93ff222f7b979337faae602c6cf:1560:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 3527d9af6c885b7a469ced2fa4890dc6 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type NSIS at 46084 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: NSIS signature found at 46080 LibClamAV debug: in scannulsft() LibClamAV debug: NSIS: Header info - Flags=0, Header size=1105, Archive size=54d LibClamAV debug: NSIS: solid compression not detected LibClamAV debug: NSIS: bzip2 0 - lzma 2 - zlib 0 LibClamAV debug: NSIS: Successully extracted file #1 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: NSIS: Successully extracted file #2 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 3527d9af6c885b7a469ced2fa4890dc6:47437:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 517cb11c1ae9e0c119e7699d65b71d05 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Thu Jan 1 01:00:00 1970 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 0 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x400 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x5087 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x82c3 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: KuNgBiM LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: KuNgBiM LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x2000 0x2000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x600 0x600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x800 0x800 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: KuNgBiM LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: KuNgBiM LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x32c3 0x4000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x3400 0x3400 LibClamAV debug: PointerToRawData: 0xc00 0xc00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc87 (3207) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: in unspin LibClamAV debug: spin: Key8 is 91, Len is 11fe LibClamAV debug: spin: Key is 47b3f060, Len is 5a0 LibClamAV debug: spin: Key32 is 3523a0f5 - XORbitmap is b LibClamAV debug: spin: Decrypting sects (xor) LibClamAV debug: spin: done LibClamAV debug: spin: Key is 43a806db, Len is 180 LibClamAV debug: spin: POLY1 len is 1a1 LibClamAV debug: spin: POLYbitmap is b - decrypting sects (poly) LibClamAV debug: spin: done LibClamAV debug: spin: Compression bitmap is 8 LibClamAV debug: spin: Not growing sect0 LibClamAV debug: spin: Not growing sect1 LibClamAV debug: spin: Not growing sect2 LibClamAV debug: spin: Growing sect3: was 200 will be 1000 LibClamAV debug: spin: decompression complete LibClamAV debug: PEspin: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: ea58113cd88ec4715020f5189529d35b is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 6112 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: ea58113cd88ec4715020f5189529d35b:6656:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 517cb11c1ae9e0c119e7699d65b71d05:16384:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 2891f5b98be269b9f6ffbbb2c84ae4f4 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 240 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x400 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x5042 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x6000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2000 0x2000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x800 0x800 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xe00 0xe00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x0 0x0 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .petite LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2cc 0x1000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x400 0x400 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x442 (1090) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: UPX: NRV2B decompressor failed LibClamAV debug: UPX: NRV2D decompressor failed LibClamAV debug: UPX: NRV2E decompressor failed LibClamAV debug: UPX: All decompressors failed LibClamAV debug: Petite: v2.2 compression detected LibClamAV debug: Petite: Found petite code in sect2(2000). Let's strip it. LibClamAV debug: Petite: Encrypted EP: dfed1249 | Array of imports: 205c LibClamAV debug: Petite: Old EP: 1020 LibClamAV debug: Petite: Sections dump: LibClamAV debug: Petite: .SECT0 RVA:1000 VSize:1000 ROffset: 0, RSize:f7 LibClamAV debug: Petite: .SECT1 RVA:2000 VSize:2000 ROffset: f7, RSize:123 LibClamAV debug: Petite: .SECT2 RVA:4000 VSize:ffc ROffset: 21a, RSize:ffc LibClamAV debug: Petite: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 8a2bf11929515746f3df244a4ac91c7c is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 5740 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 5740 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c8ee76b1a9a1f6b4fd21d5abf81f5c6f.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 8a2bf11929515746f3df244a4ac91c7c:6144:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 2891f5b98be269b9f6ffbbb2c84ae4f4:4096:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 832fd1026a13e16686b55e855bb559df is negative LibClamAV debug: in cli_peheader LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 16 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 3 LibClamAV debug: TimeDateStamp: Sat Jan 24 00:39:42 2004 LibClamAV debug: SizeOfOptionalHeader: 148 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 76 LibClamAV debug: MinorLinkerVersion: 111 LibClamAV debug: SizeOfCode: 0x694c6461 LibClamAV debug: SizeOfInitializedData: 0x72617262 LibClamAV debug: SizeOfUninitializedData: 0x4179 LibClamAV debug: AddressOfEntryPoint: 0x1018 LibClamAV debug: BaseOfCode: 0x10 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xf000 LibClamAV debug: SizeOfHeaders: 0x200 LibClamAV debug: NumberOfRvaAndSizes: 10 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: PSÿÕ«ëçà LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x1f0 0x200 LibClamAV debug: PointerToRawData: 0x10 0x0 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8000 0x8000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x53c 0x53c LibClamAV debug: PointerToRawData: 0x200 0x200 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: oP@ LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0xe000 0xe000 LibClamAV debug: SizeOfRawData: 0x1f0 0x200 LibClamAV debug: PointerToRawData: 0x10 0x0 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x18 (24) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Upack characteristics found. LibClamAV debug: Upack: var set LibClamAV debug: Upack: EP: 00000018 original: 00000020 || 00401020 LibClamAV debug: Upack: Context Bits parameter used with lzma: 05, 1c00 LibClamAV debug: Upack: data initialized, before upack lzma call! LibClamAV debug: p0: 0x65f76 p1: ffffffff p2: 00000000 LibClamAV debug: state[0] = ffffffff LibClamAV debug: state[1] = 00000000 LibClamAV debug: state[2] = 00000001 LibClamAV debug: state[3] = 00000001 LibClamAV debug: state[4] = 00000001 LibClamAV debug: state[5] = 00000001 LibClamAV debug: Upack: loops: 00000002 search value: 00 LibClamAV debug: Upack: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: de4f18d10798acf90ab81dc899dffb14 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 16492 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 16492 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-d7b057b0e2f323096e90ac9d2376deff.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: de4f18d10798acf90ab81dc899dffb14:17408:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 832fd1026a13e16686b55e855bb559df:1852:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: Authenticode: 1499bd7d2ac0d8cfde925171efb020ff69711410 LibClamAV debug: in asn1_check_mscat (offset: 2884) LibClamAV debug: in asn1_parse_mscat LibClamAV debug: asn1_parse_mscat: failed to read pkcs#7 entry LibClamAV debug: asn1_parse_mscat: failed to parse catalog LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: e77295fd480b05f9d22bd9e4f86c5cf3 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 3 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1000 LibClamAV debug: SizeOfInitializedData: 0x1000 LibClamAV debug: SizeOfUninitializedData: 0x5000 LibClamAV debug: AddressOfEntryPoint: 0x6320 LibClamAV debug: BaseOfCode: 0x6000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x8000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: UPX0 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: UPX1 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x720 (1824) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: UPX: Looks like a NRV2B decompression routine LibClamAV debug: UPX: PE structure rebuilt from compressed file LibClamAV debug: UPX: Successfully decompressed LibClamAV debug: ***** Scanning decompressed file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 3b03bc19b1f39587a0650c7b6fe35d38 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 19936 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 3b03bc19b1f39587a0650c7b6fe35d38:20480:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: e77295fd480b05f9d22bd9e4f86c5cf3:3072:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized RAR file LibClamAV debug: cache_check: 240d23b090c954b017a73850af036178 is negative LibClamAV debug: in scanrar() LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: RAR: infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: RAR: Exit code: 1 LibClamAV debug: FP SIGNATURE: 240d23b090c954b017a73850af036178:350:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized RAR file LibClamAV debug: cache_check: f43c0b75c55428c5e84d6b40214ead41 is negative LibClamAV debug: in scanrar() LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: RAR: infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: RAR: Exit code: 1 LibClamAV debug: FP SIGNATURE: f43c0b75c55428c5e84d6b40214ead41:364:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 1cce7fa3d68fdb429da830618c1ebfee is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 2569 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 2569 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - fname out of file LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x400 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x5000 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x6000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xf7 0x1000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x122 0x1000 LibClamAV debug: VirtualAddress: 0x2000 0x2000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x600 0x600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x200 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x800 0x800 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .clam LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .WWP32 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2b7 0x1000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x400 0x400 LibClamAV debug: PointerToRawData: 0xc00 0xc00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc00 (3072) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: in wwunpack LibClamAV debug: WWP: src: 4000, szd: 18c, srcend: 188 - 0 LibClamAV debug: WWPack: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 7b8cd3dd6a198ec191afce0206665d2d is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 20076 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 20076 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-6d0dec11c73030e28a25a383e8dbc81e.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 7b8cd3dd6a198ec191afce0206665d2d:20480:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 1cce7fa3d68fdb429da830618c1ebfee:4096:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 7f8a72eb63173c80729ebb8c9999d9db is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1000 LibClamAV debug: SizeOfInitializedData: 0x1000 LibClamAV debug: SizeOfUninitializedData: 0x5000 LibClamAV debug: AddressOfEntryPoint: 0x8060 LibClamAV debug: BaseOfCode: 0x6000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xa000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: UPX0 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: UPX1 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: yC LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2000 0x2000 LibClamAV debug: VirtualAddress: 0x8000 0x8000 LibClamAV debug: SizeOfRawData: 0xc52 0xc52 LibClamAV debug: PointerToRawData: 0xc00 0xc00 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc60 (3168) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: UPX: NRV2B decompressor failed LibClamAV debug: UPX: NRV2D decompressor failed LibClamAV debug: UPX: NRV2E decompressor failed LibClamAV debug: UPX: All decompressors failed LibClamAV debug: 3,200,2923,0 LibClamAV debug: yC: offset: 0, length: b6b LibClamAV debug: yC: decrypting decryptor on sect 3 LibClamAV debug: yC: decrypting sect1 LibClamAV debug: yC: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 8822fca1f7b0cb5506f15f8088956197 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 3 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1000 LibClamAV debug: SizeOfInitializedData: 0x1000 LibClamAV debug: SizeOfUninitializedData: 0x5000 LibClamAV debug: AddressOfEntryPoint: 0x0 LibClamAV debug: BaseOfCode: 0x6000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x8000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: UPX0 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: UPX1 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x0 (0) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: UPX: no luck - scanning for PE LibClamAV debug: UPX: PE structure rebuilt from compressed file LibClamAV debug: UPX: Successfully decompressed with NRV2B LibClamAV debug: ***** Scanning decompressed file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 3b03bc19b1f39587a0650c7b6fe35d38 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 19936 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 3b03bc19b1f39587a0650c7b6fe35d38:20480:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 8822fca1f7b0cb5506f15f8088956197:3072:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 7f8a72eb63173c80729ebb8c9999d9db:6226:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized 7zip file LibClamAV debug: cache_check: 30cc73fe9ec56e474c4d19c57ffe0546 is negative LibClamAV debug: cli_7unz: extracting clam.exe LibClamAV debug: CDBNAME:CL_TYPE_7Z:0:clam.exe:0:544:0:0:4010228989:(nil) LibClamAV debug: cli_7unz: Saving to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-74ddb305e9278d1eaa3e8f8106be8b27.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: cli_7unz: completed successfully LibClamAV debug: FP SIGNATURE: 30cc73fe9ec56e474c4d19c57ffe0546:362:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ARJ file LibClamAV debug: cache_check: f58327b03afd2a727c3329ba3c0947a7 is negative LibClamAV debug: in cli_scanarj() LibClamAV debug: in cli_unarj_open LibClamAV debug: Header Size: 44 LibClamAV debug: ARJ Main File Header LibClamAV debug: First Header Size: 34 LibClamAV debug: Version: 11 LibClamAV debug: Min version: 1 LibClamAV debug: Host OS: 2 LibClamAV debug: Flags: 0x10 LibClamAV debug: Security version: 0 LibClamAV debug: File type: 2 LibClamAV debug: Filename: clam.arj LibClamAV debug: Comment: LibClamAV debug: Extended header size: 0 LibClamAV debug: in cli_unarj_prepare_file LibClamAV debug: Header Size: 56 LibClamAV debug: ARJ File Header LibClamAV debug: First Header Size: 46 LibClamAV debug: Version: 11 LibClamAV debug: Min version: 1 LibClamAV debug: Host OS: 2 LibClamAV debug: Flags: 0x10 LibClamAV debug: Method: 1 LibClamAV debug: File type: 0 LibClamAV debug: File type: 232 LibClamAV debug: Compressed size: 269 LibClamAV debug: Original size: 544 LibClamAV debug: Filename: clam.exe LibClamAV debug: Comment: LibClamAV debug: Extended header size: 0 LibClamAV debug: CDBNAME:CL_TYPE_ARJ:269:clam.exe:269:544:0:1:0:(nil) LibClamAV debug: in cli_unarj_extract_file LibClamAV debug: Filename: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-35964798380a4289e51a04681166ac0f.tmp/file.uar LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ARJ: infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ARJ: Exit code: 1 LibClamAV debug: FP SIGNATURE: f58327b03afd2a727c3329ba3c0947a7:393:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized CPIO OLD BINARY BE file LibClamAV debug: cache_check: f418df91fafd06fde1a23269d37959b4 is negative LibClamAV debug: CPIO: -- File 1 -- LibClamAV debug: CPIO: Name: clam.exe LibClamAV debug: CPIO: Filesize: 544 LibClamAV debug: CDBNAME:CL_TYPE_CPIO_OLD:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_map_scan: [36, +544) LibClamAV debug: cli_map_scandesc: [0, +1024), [36, +544) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: f418df91fafd06fde1a23269d37959b4:1024:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized CPIO OLD BINARY LE file LibClamAV debug: cache_check: 72de8ccfc183c86eadd52f5f571d0fd7 is negative LibClamAV debug: CPIO: -- File 1 -- LibClamAV debug: CPIO: Name: clam.exe LibClamAV debug: CPIO: Filesize: 544 LibClamAV debug: CDBNAME:CL_TYPE_CPIO_OLD:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_map_scan: [36, +544) LibClamAV debug: cli_map_scandesc: [0, +1024), [36, +544) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 72de8ccfc183c86eadd52f5f571d0fd7:1024:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ZIP file LibClamAV debug: cache_check: 879ac518d351ac3ba22c9d54bd17174b is negative LibClamAV debug: in cli_unzip LibClamAV debug: cli_unzip: central @182 LibClamAV debug: cli_unzip: ch - flags 0 - method c - csize 15c - usize 220 - flen 8 - elen 0 - clen 0 - disk 0 - off 0 LibClamAV debug: cli_unzip: ch - fname: clam.exe LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:348:ef073cfd:12:1:1 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:348:clam.exe:348:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f404230c2953c8a74da8f030d1060f73.tmp/zip.000 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 879ac518d351ac3ba22c9d54bd17174b:462:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS CAB file LibClamAV debug: cache_check: 05b9642706a9fc730b8371d239a9b8f9 is negative LibClamAV debug: in cli_scanmscab() LibClamAV debug: CAB: -------------- Cabinet file ---------------- LibClamAV debug: CAB: Cabinet length: 621 LibClamAV debug: CAB: Folders: 1 LibClamAV debug: CAB: Files: 1 LibClamAV debug: CAB: File format version: 1.3 LibClamAV debug: CAB: Folder record 0 LibClamAV debug: CAB: Folder offset: 69 LibClamAV debug: CAB: Folder compression method: 0 LibClamAV debug: CAB: Recorded folders: 1 LibClamAV debug: CAB: File record 0 LibClamAV debug: CAB: File name: clam*exe LibClamAV debug: CAB: File offset: 0 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:clam*exe:0:544:0:1:0:(nil) LibClamAV debug: CAB: Extracting file clam*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c5755ee1b90b43a7585c1c88427626d6.tmp, size 544, max_size: 26214400 LibClamAV debug: CAB: Compression method: STORED LibClamAV debug: CAB: Length from header 544 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 05b9642706a9fc730b8371d239a9b8f9:621:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS CHM file LibClamAV debug: cache_check: e938c5e5e17caf5177e5d205ae01524f is negative LibClamAV debug: in cli_scanmschm() LibClamAV debug: in cli_chm_open LibClamAV debug: ---- ITSF ---- LibClamAV debug: Signature: ITSF LibClamAV debug: Version: 3 LibClamAV debug: Header len: 96 LibClamAV debug: Lang ID: 1045 LibClamAV debug: Sec0 offset: 96 LibClamAV debug: Sec0 len: 24 LibClamAV debug: Dir offset: 120 LibClamAV debug: Dir len: 4180 LibClamAV debug: Data offset: 4300 LibClamAV debug: ---- ITSP ---- LibClamAV debug: Signature: ITSP LibClamAV debug: Version: 1 LibClamAV debug: Block len: 4096 LibClamAV debug: Block idx int: 2 LibClamAV debug: Index depth: 1 LibClamAV debug: Index root: -1 LibClamAV debug: Index head: 0 LibClamAV debug: Index tail: 0 LibClamAV debug: Num Blocks: 1 LibClamAV debug: Lang ID: 1033 LibClamAV debug: in read_chunk LibClamAV debug: found CHM_SYS_CONTENT_NAME LibClamAV debug: found CHM_SYS_CONTROL_NAME LibClamAV debug: found CHM_SYS_RESETTABLE_NAME LibClamAV debug: ---- Control ---- LibClamAV debug: Length: 6 LibClamAV debug: Signature: LZXC LibClamAV debug: Version: 2 LibClamAV debug: Reset Interval: 65536 LibClamAV debug: Window Size: 65536 LibClamAV debug: Cache Size: 1 LibClamAV debug: ---- Content ---- LibClamAV debug: Offset: 8688 LibClamAV debug: Length: 2214 LibClamAV debug: ---- Reset Table ---- LibClamAV debug: Num Entries: 1 LibClamAV debug: Entry Size: 8 LibClamAV debug: Table Offset: 40 LibClamAV debug: Uncom Len: 9094 LibClamAV debug: Com Len: 2214 LibClamAV debug: Frame Len: 32768 LibClamAV debug: Compressed offset: 8688 LibClamAV debug: lzx_decompress: end frame = 3 LibClamAV debug: lzx_decompress: current frame = 0 LibClamAV debug: lzx_decompress: current frame = 1 LibClamAV debug: lzx_decompress: bad block type (0x0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in read_chunk LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: b7d7abe6f39d65408fc0edaae672a845 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: b7d7abe6f39d65408fc0edaae672a845 (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 9439224e9b1b5a9bb3177cf28460c75c is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 9439224e9b1b5a9bb3177cf28460c75c (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 840fa05eb051a0834e4515abe67c3e5d is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 840fa05eb051a0834e4515abe67c3e5d (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 139bd3ec257b12c8c193af09698a2ab5 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 139bd3ec257b12c8c193af09698a2ab5 (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 264c1275ab9797e4390e88f74ac70392 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 264c1275ab9797e4390e88f74ac70392 (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 8ef5b3b3e78935dc9eb82193022a05c3 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 8ef5b3b3e78935dc9eb82193022a05c3 (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Small data (0 bytes) LibClamAV debug: cli_magic_scandesc: returning 0 at line 3328 (no post, no cache) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 285c3651f007aa8237ae2fa4eb24b9b8 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 285c3651f007aa8237ae2fa4eb24b9b8 (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Small data (4 bytes) LibClamAV debug: cli_magic_scandesc: returning 0 at line 3328 (no post, no cache) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Small data (4 bytes) LibClamAV debug: cli_magic_scandesc: returning 0 at line 3328 (no post, no cache) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: Matched signature for file type HTML data at 48 LibClamAV debug: cache_check: f78cc15cc20f59e543742138902d407d is negative LibClamAV debug: in cli_scanhtml() LibClamAV debug: cli_scanhtml: using tempdir /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-0164f0f45bdc8da8f96b5a8c7dff36cf.tmp LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: f78cc15cc20f59e543742138902d407d (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: Matched signature for file type HTML data at 48 LibClamAV debug: cache_check: 353eb087a36a4f630680f48e8deae3a8 is negative LibClamAV debug: in cli_scanhtml() LibClamAV debug: cli_scanhtml: using tempdir /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-666812dceb4de26c1383ae9bfdfa14b9.tmp LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 353eb087a36a4f630680f48e8deae3a8 (level 0) LibClamAV debug: in cli_chm_prepare_file LibClamAV debug: in cli_chm_extract_file LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: CHM: infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: CHM: Exit code: 1 LibClamAV debug: FP SIGNATURE: e938c5e5e17caf5177e5d205ae01524f:10950:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ZIP file LibClamAV debug: cache_check: 66e86fe942aea488a6ca46d3d2c007fd is negative LibClamAV debug: in cli_unzip LibClamAV debug: cli_unzip: central @136 LibClamAV debug: cli_unzip: ch - flags 2 - method 9 - csize 110 - usize 220 - flen 8 - elen 24 - clen 0 - disk 0 - off 0 LibClamAV debug: cli_unzip: ch - fname: clam.exe LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:272:ef073cfd:9:1:1 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:272:clam.exe:272:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-6e627b74c34d99899a4cee29e2f220b7.tmp/zip.000 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 66e86fe942aea488a6ca46d3d2c007fd:422:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 6b2324ea0df473777f58ca8d59d53ea5 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 809, rva: 893c8 LibClamAV debug: cli_peheader: parsing version info @ rva 893c8 (1/1) LibClamAV debug: VersionInfo (31ee2): 'FileVersion'='3, 2, 4, 9' - VI:460069006c006500560065007200730069006f006e000000000033002c00200032002c00200034002c002000390000000000 LibClamAV debug: VersionInfo (31f1a): 'CompiledScript'='AutoIt v3 Script : 3, 2, 4, 9' - VI:43006f006d00700069006c006500640053006300720069007000740000004100750074006f0049007400200076003300200053006300720069007000740020003a00200033002c00200032002c00200034002c00200039000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type AUTOIT at 206848 LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 64 LibClamAV debug: AUTOIT signature found at 206848 LibClamAV debug: in scanautoit() LibClamAV debug: autoit: magic string '>AUTOIT UNICODE SCRIPT<' LibClamAV debug: autoit: original filename 'C:\DOCUME~1\acab\IMPOST~1\Temp\autD.tmp' LibClamAV debug: autoit: compressed size: 1112 LibClamAV debug: autoit: advertised uncompressed size 57e6 LibClamAV debug: autoit: ref chksum: 2142245d LibClamAV debug: autoit: file is compressed LibClamAV debug: autoit: uncompressed size again: 57e6 LibClamAV debug: autoit: file successfully extracted LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized UTF-16LE character data LibClamAV debug: entconv: Encoding UTF-16LE LibClamAV debug: entconv: iconv:registering atexit LibClamAV debug: entconv: Initializing iconv pool:0x5f140 LibClamAV debug: entconv: iconv not found in cache, for encoding:UTF-16LE LibClamAV debug: entconv: iconv_open(),for:UTF-16LE -> 0x5f9b0 LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 LibClamAV debug: cache_check: 144d97bc59d6944c6cf31e3fca78f432 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 144d97bc59d6944c6cf31e3fca78f432 (level 0) LibClamAV debug: autoit: magic string 'C:\clam.exe' LibClamAV debug: autoit: original filename 'C:\clam.exe' LibClamAV debug: autoit: compressed size: 132 LibClamAV debug: autoit: advertised uncompressed size 220 LibClamAV debug: autoit: ref chksum: 204d611b LibClamAV debug: autoit: file is compressed LibClamAV debug: autoit: uncompressed size again: 220 LibClamAV debug: autoit: file successfully extracted LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 6b2324ea0df473777f58ca8d59d53ea5:211738:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 21d1acd7ff5a8ff24b08d07be6f47709 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 809, rva: 9a4e8 LibClamAV debug: cli_peheader: parsing version info @ rva 9a4e8 (1/1) LibClamAV debug: VersionInfo (3d31e): 'FileVersion'='3, 2, 8, 1' - VI:460069006c006500560065007200730069006f006e000000000033002c00200032002c00200038002c002000310000000000 LibClamAV debug: VersionInfo (3d356): 'CompiledScript'='AutoIt v3 Script : 3, 2, 8, 1' - VI:43006f006d00700069006c006500640053006300720069007000740000004100750074006f0049007400200076003300200053006300720069007000740020003a00200033002c00200032002c00200038002c00200031000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type AUTOIT at 252928 LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 64 LibClamAV debug: AUTOIT signature found at 252928 LibClamAV debug: in scanautoit() LibClamAV debug: fpu: Floating point big endian detected. LibClamAV debug: autoit: magic string '>>>AUTOIT SCRIPT<<<' LibClamAV debug: autoit: original filename 'C:\DOCUME~1\acab\IMPOST~1\Temp\aut7.tmp' LibClamAV debug: autoit: compressed size: 1156 LibClamAV debug: autoit: advertised uncompressed size 4dd1 LibClamAV debug: autoit: ref chksum: f7b40440 LibClamAV debug: autoit: file is compressed LibClamAV debug: autoit: uncompressed size again: 4dd1 LibClamAV debug: autoit: script has got 331 lines LibClamAV debug: autoit: script successfully extracted LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 8903cae272bf36a778c2f361ba282d42 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 8903cae272bf36a778c2f361ba282d42 (level 0) LibClamAV debug: autoit: magic string 'C:\clam.exe' LibClamAV debug: autoit: original filename 'C:\clam.exe' LibClamAV debug: autoit: compressed size: 130 LibClamAV debug: autoit: advertised uncompressed size 220 LibClamAV debug: autoit: ref chksum: 74306db2 LibClamAV debug: autoit: file is compressed LibClamAV debug: autoit: uncompressed size again: 220 LibClamAV debug: autoit: file successfully extracted LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 21d1acd7ff5a8ff24b08d07be6f47709:257960:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized BinHex file LibClamAV debug: cache_check: 2ac43b63da9af01c299936b345746126 is negative LibClamAV debug: in cli_binhex LibClamAV debug: cli_binhex: decoding 'clam.exe' - 544 bytes of data to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-38291b16f67ce0290166f46f02434102.tmp - 1 bytes or resources to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f3bd1bd1322944d8cf1e8b46be309e98.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 2ac43b63da9af01c299936b345746126:833:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized BZip file LibClamAV debug: cache_check: 6fd6a864ed39180892e6f2e75a0c497f is negative LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: Bzip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: 6fd6a864ed39180892e6f2e75a0c497f:348:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: Matched signature for file type HTML data LibClamAV debug: cache_check: 7aede91f6a4399ebc923e196ae01530f is negative LibClamAV debug: in cli_scanhtml() LibClamAV debug: cli_scanhtml: using tempdir /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-db5aee4259885da883e54281d5a38cbf.tmp LibClamAV debug: RFC2397 data file: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-db5aee4259885da883e54281d5a38cbf.tmp/rfc2397/clamav-4bbfee49e0546bc78859dcab993c4df9.tmp LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MBox file LibClamAV debug: cache_check: f8c0f87349a4318a414ea00b11643c5b is negative LibClamAV debug: Starting cli_scanmail(), recursion = 2 LibClamAV debug: in mbox() LibClamAV debug: Extract attachments from email 1 LibClamAV debug: parseEmailHeaders LibClamAV debug: parseEmailHeaders: check 'From html-normalise' LibClamAV debug: parseEmailHeaders: check 'Content-type: application/octet-stream;base64' LibClamAV debug: parseEmailHeader 'Content-type: application/octet-stream;base64' LibClamAV debug: parseMimeHeader: cmd='Content-type', arg=' application/octet-stream;base64' LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: mimeArgs = 'base64' LibClamAV debug: Add arguments 'base64' LibClamAV debug: Can't parse header "base64" LibClamAV debug: parseEmailHeaders: check 'Content-transfer-encoding: base64' LibClamAV debug: parseEmailHeader 'Content-transfer-encoding: base64' LibClamAV debug: parseMimeHeader: cmd='Content-transfer-encoding', arg=' base64' LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 1 is "base64" LibClamAV debug: parseEmailHeaders: check '' LibClamAV debug: End of header information LibClamAV debug: newline_in_header, check "TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFiDAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExMAENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkABAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAEAAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0AEAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA==" LibClamAV debug: parseEmailHeaders: finished with headers, moving body LibClamAV debug: parseEmailHeaders: return LibClamAV debug: in parseEmailBody, 0 files saved so far LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 2 LibClamAV debug: Attachment sent with no filename LibClamAV debug: messageAddArgument, arg='name=attachment' LibClamAV debug: blobSetFilename: attachment LibClamAV debug: fileblobSetFilename: file attachment saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-4a3ccb5f5fe69a60acb19e85c6230f30.tmp/clamav-9a827d3781752fb71ff39eb870c50980.tmp LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFiDAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExMAENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkABAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAEAAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0AEAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' LibClamAV debug: Exported 543 bytes using enctype 2 LibClamAV debug: 2 trailing bytes to export LibClamAV debug: base64chars = 2 (0 @ @) LibClamAV debug: Saving main message as attachment LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:attachment:544:544:0:0:0:(nil) LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-4a3ccb5f5fe69a60acb19e85c6230f30.tmp/clamav-9a827d3781752fb71ff39eb870c50980.tmp is infected LibClamAV debug: fileblobDestructiveDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-4a3ccb5f5fe69a60acb19e85c6230f30.tmp/clamav-9a827d3781752fb71ff39eb870c50980.tmp LibClamAV debug: parseEmailBody() returning 3 LibClamAV debug: cli_mbox returning 1 LibClamAV debug: FP SIGNATURE: f8c0f87349a4318a414ea00b11643c5b:829:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 7aede91f6a4399ebc923e196ae01530f:782:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MBox file LibClamAV debug: cache_check: da3221bb1a6b9547dbe894d4483c5032 is negative LibClamAV debug: Starting cli_scanmail(), recursion = 1 LibClamAV debug: in mbox() LibClamAV debug: Extract attachments from email 1 LibClamAV debug: parseEmailHeaders LibClamAV debug: parseEmailHeaders: check 'From test@example.com Thu Jul 31 13:49:50 2008' LibClamAV debug: parseEmailHeaders: check 'From: test@example.com' LibClamAV debug: parseEmailHeaders: check 'MIME-Version: 1.0' LibClamAV debug: parseEmailHeaders: check 'Content-Type: Application/Octet-Stream; name="clam.exe"' LibClamAV debug: parseEmailHeader 'Content-Type: Application/Octet-Stream; name="clam.exe"' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' Application/Octet-Stream; name="clam.exe"' LibClamAV debug: messageSetMimeType: 'Application' LibClamAV debug: mimeArgs = ' name="clam.exe"' LibClamAV debug: Add arguments ' name="clam.exe"' LibClamAV debug: messageAddArgument, arg='name=clam.exe' LibClamAV debug: parseEmailHeaders: check 'Content-Transfer-Encoding: Base64' LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: Base64' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' Base64' LibClamAV debug: messageSetEncoding: 'Base64' LibClamAV debug: Encoding type 1 is "Base64" LibClamAV debug: parseEmailHeaders: check '' LibClamAV debug: End of header information LibClamAV debug: newline_in_header, check "TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" LibClamAV debug: parseEmailHeaders: finished with headers, moving body LibClamAV debug: parseEmailHeaders: return LibClamAV debug: in parseEmailBody, 0 files saved so far LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 2 LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-77998474693a9c83b72da731e7946487.tmp/clamav-3031fc0ee75595b27424f03723103c99.tmp LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFi' LibClamAV debug: sanitiseBase64 'DAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExM' LibClamAV debug: sanitiseBase64 'AENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkA' LibClamAV debug: sanitiseBase64 'BAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAE' LibClamAV debug: sanitiseBase64 'AAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0A' LibClamAV debug: sanitiseBase64 'EAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' LibClamAV debug: Exported 543 bytes using enctype 2 LibClamAV debug: 2 trailing bytes to export LibClamAV debug: base64chars = 2 (0 @ @) LibClamAV debug: Saving main message as attachment LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:clam.exe:544:544:0:0:0:(nil) LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-77998474693a9c83b72da731e7946487.tmp/clamav-3031fc0ee75595b27424f03723103c99.tmp is infected LibClamAV debug: fileblobDestructiveDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-77998474693a9c83b72da731e7946487.tmp/clamav-3031fc0ee75595b27424f03723103c99.tmp LibClamAV debug: parseEmailBody() returning 3 LibClamAV debug: cli_mbox returning 1 LibClamAV debug: FP SIGNATURE: da3221bb1a6b9547dbe894d4483c5032:919:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MBox file LibClamAV debug: cache_check: 69a26d9c8eda12094e588f66bf85b212 is negative LibClamAV debug: Starting cli_scanmail(), recursion = 1 LibClamAV debug: in mbox() LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c6d3786174150edcd8d865f4ecfdb2bd.tmp/clamav-1e2f639b0f9c76503289e28db70907a1.tmp LibClamAV debug: uudecode clam.exe LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c6d3786174150edcd8d865f4ecfdb2bd.tmp/clamav-1e2f639b0f9c76503289e28db70907a1.tmp LibClamAV debug: Extract attachments from email 1 LibClamAV debug: parseEmailHeaders LibClamAV debug: parseEmailHeaders: check 'From test@example.com Thu Jul 31 13:51:21 2008' LibClamAV debug: parseEmailHeaders: check 'From: test@example.com' LibClamAV debug: parseEmailHeaders: check 'MIME-Version: 1.0' LibClamAV debug: parseEmailHeaders: check 'Content-Type: Application/Octet-Stream; name="clam.exe"' LibClamAV debug: parseEmailHeader 'Content-Type: Application/Octet-Stream; name="clam.exe"' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' Application/Octet-Stream; name="clam.exe"' LibClamAV debug: messageSetMimeType: 'Application' LibClamAV debug: mimeArgs = ' name="clam.exe"' LibClamAV debug: Add arguments ' name="clam.exe"' LibClamAV debug: messageAddArgument, arg='name=clam.exe' LibClamAV debug: parseEmailHeaders: check 'Content-Transfer-Encoding: x-uuencode' LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: x-uuencode' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' x-uuencode' LibClamAV debug: messageSetEncoding: 'x-uuencode' LibClamAV debug: Encoding type 1 is "x-uuencode" LibClamAV debug: parseEmailHeaders: check '' LibClamAV debug: End of header information LibClamAV debug: newline_in_header, check "e" LibClamAV debug: parseEmailHeaders: finished with headers, moving body LibClamAV debug: parseEmailHeaders: return LibClamAV debug: in parseEmailBody, 0 files saved so far LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 5 LibClamAV debug: messageExport: treat uuencode as text/plain LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 2 is "base64" LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c6d3786174150edcd8d865f4ecfdb2bd.tmp/clamav-a99e472e36d405fa929db941708388c3.tmp LibClamAV debug: textToFileBlob to clam.exe, destroy = 0 LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c6d3786174150edcd8d865f4ecfdb2bd.tmp/clamav-a99e472e36d405fa929db941708388c3.tmp LibClamAV debug: messageExport: enctype 1 is 2 LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c6d3786174150edcd8d865f4ecfdb2bd.tmp/clamav-4514a6ebab9056488799a7aef1f9c6de.tmp LibClamAV debug: sanitiseBase64 'e' LibClamAV debug: Exported 0 bytes using enctype 2 LibClamAV debug: 1 trailing bytes to export LibClamAV debug: base64chars = 1 (@ @ @) LibClamAV debug: Saving main message as attachment LibClamAV debug: fileblobScan, ctx == NULL LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c6d3786174150edcd8d865f4ecfdb2bd.tmp/clamav-4514a6ebab9056488799a7aef1f9c6de.tmp LibClamAV debug: Saving text part to scan, rc = 1 LibClamAV debug: messageAddArgument, arg='filename=textportion' LibClamAV debug: Force mime encoding to application LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: messageToFileblob LibClamAV debug: parseEmailBody() returning 1 LibClamAV debug: cli_mbox returning 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Small data (1 bytes) LibClamAV debug: cli_magic_scandesc: returning 0 at line 3328 (no post, no cache) LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 69a26d9c8eda12094e588f66bf85b212:960:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized RTF file LibClamAV debug: cache_check: 04cf3829d62e39af9ac138a38ed73117 is negative LibClamAV debug: in cli_scanrtf() LibClamAV debug: RTF: waiting for magic LibClamAV debug: RTF: description length:8 LibClamAV debug: RTF: in WAIT_DESC LibClamAV debug: Preparing to dump rtf embedded object, description:Package LibClamAV debug: RTF: next state: wait_data_size LibClamAV debug: RTF: in WAIT_DATA_SIZE LibClamAV debug: Dumping rtf embedded object of size:639 LibClamAV debug: RTF: next state: DUMP_DATA LibClamAV debug: RTF:Scanning embedded object:/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-be6180caa9555f7812ad018a7200473a.tmp/clamav-6df01f6b7af566d7199166741adedaf0.tmp LibClamAV debug: Decoding ole object LibClamAV debug: cli_decode_ole_object: decoding to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-5aa16e541e1a7dbae328a40196592ea5.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 04cf3829d62e39af9ac138a38ed73117:20255:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized compress.exed file LibClamAV debug: cache_check: e24d74f1524609277d2af5b497121a41 is negative LibClamAV debug: in cli_scanszdd() LibClamAV debug: MSEXPAND: File size from header: 544 LibClamAV debug: MSEXPAND: Decompressed into /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1e61b5de4da133c4ea2131c5062dd50d.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: e24d74f1524609277d2af5b497121a41:308:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ZIP file LibClamAV debug: cache_check: 0048ab72da0177e75e852bdce3fdd69e is negative LibClamAV debug: in cli_unzip LibClamAV debug: cli_unzip: central @13e LibClamAV debug: cli_unzip: ch - flags 0 - method 6 - csize 118 - usize 220 - flen 8 - elen 0 - clen 0 - disk 0 - off 0 LibClamAV debug: cli_unzip: ch - fname: CLAM.EXE LibClamAV debug: cli_unzip: lh - ZMDNAME:0:CLAM.EXE:544:280:ef073cfd:6:1:1 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:280:CLAM.EXE:280:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-d7a88438e111427ff0fd1f7a314f6257.tmp/zip.000 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 0048ab72da0177e75e852bdce3fdd69e:394:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 2ede2afebefe66b71744584bbfd004c9 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: Matched signature for file type ISO9660 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ISO9660 signature found at 32768 LibClamAV debug: in cli_scaniso LibClamAV debug: cli_scaniso: Raw sector size: 2048 LibClamAV debug: cli_scaniso: Block size: 2048 LibClamAV debug: cli_scaniso: Volume descriptor version: 1 LibClamAV debug: cli_scaniso: System: LINUX LibClamAV debug: cli_scaniso: Volume: CDROM LibClamAV debug: cli_scaniso: Volume space size: 0xb0 blocks LibClamAV debug: cli_scaniso: Volume 1 of 1 LibClamAV debug: cli_scaniso: Volume Set: LibClamAV debug: cli_scaniso: Publisher: LibClamAV debug: cli_scaniso: Data Preparer: LibClamAV debug: cli_scaniso: Application: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM LibClamAV debug: cli_scaniso: Volume creation time: 2011-11-22 19:06:50 LibClamAV debug: cli_scaniso: Volume modification time: 2011-11-22 19:06:50 LibClamAV debug: cli_scaniso: Volume expiration time: 0000-00-00 00:00:00 LibClamAV debug: cli_scaniso: Volume effective time: 2011-11-22 19:06:50 LibClamAV debug: cli_scaniso: Path table size: 0x16 LibClamAV debug: cli_scaniso: LSB Path Table: 0x13 LibClamAV debug: cli_scaniso: Opt LSB Path Table: 0x0 LibClamAV debug: cli_scaniso: MSB Path Table: 0x15 LibClamAV debug: cli_scaniso: Opt MSB Path Table: 0x0 LibClamAV debug: cli_scaniso: File Structure Version: 1 LibClamAV debug: iso_parse_dir: Directory 'DIR': off 18 - size 800 - flags 2 - unit size 0 - gap size 0 - volume 1 LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:2048:DIR:2048:2048:0:0:0:(nil) LibClamAV debug: iso_parse_dir: File 'CLAM.EXE': off 19 - size 220 - flags 0 - unit size 0 - gap size 0 - volume 1 LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:544:CLAM.EXE:544:544:0:0:0:(nil) LibClamAV debug: iso_scan_file: dumping to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-2c814b21ed33a559e37221f3fc612d11.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 1024 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 2ede2afebefe66b71744584bbfd004c9:360448:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized Exim mail file LibClamAV debug: cache_check: a57a8f14a6d5a0ec8d373d646ce1f88a is negative LibClamAV debug: Starting cli_scanmail(), recursion = 1 LibClamAV debug: in mbox() LibClamAV debug: parseEmailFile LibClamAV debug: parseEmailFile: check 'From: ClamAV' fullline (nil) LibClamAV debug: parseEmailFile: check 'To: ClamAV' fullline (nil) LibClamAV debug: parseEmailFile: check 'Subject: ClamAV Test File' fullline (nil) LibClamAV debug: parseEmailFile: check 'Message-ID: <20080603232833.1aeaf8f1@ClamAV>' fullline (nil) LibClamAV debug: parseEmailFile: check 'Organization: ClamAV' fullline (nil) LibClamAV debug: parseEmailFile: check 'Mime-Version: 1.0' fullline (nil) LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' fullline (nil) LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' LibClamAV debug: messageSetMimeType: 'multipart' LibClamAV debug: mimeArgs = ' boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' LibClamAV debug: Add arguments ' boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' LibClamAV debug: messageAddArgument, arg='boundary=MP_/6OvrPH9HEPZRUCVu6uT=Fey' LibClamAV debug: parseEmailFile: check '' fullline (nil) LibClamAV debug: End of header information LibClamAV debug: newline_in_header, check "--MP_/6OvrPH9HEPZRUCVu6uT=Fey" LibClamAV debug: getline_from_mbox: fmap need failed LibClamAV debug: parseEmailFile: return LibClamAV debug: in parseEmailBody, 0 files saved so far LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 5 LibClamAV debug: Content-type 'multipart' handler LibClamAV debug: boundaryStart: found MP_/6OvrPH9HEPZRUCVu6uT=Fey in --MP_/6OvrPH9HEPZRUCVu6uT=Fey LibClamAV debug: Now read in part 0 LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: text/plain; charset=US-ASCII' LibClamAV debug: parseEmailHeader 'Content-Type: text/plain; charset=US-ASCII' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' text/plain; charset=US-ASCII' LibClamAV debug: messageSetMimeType: 'text' LibClamAV debug: mimeArgs = ' charset=US-ASCII' LibClamAV debug: Add arguments ' charset=US-ASCII' LibClamAV debug: messageAddArgument, arg='charset=US-ASCII' LibClamAV debug: Discarding unwanted argument 'charset=US-ASCII' LibClamAV debug: Multipart 0: About to parse folded header 'Content-Transfer-Encoding: 7bit' LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: 7bit' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' 7bit' LibClamAV debug: messageSetEncoding: '7bit' LibClamAV debug: Encoding type 1 is "7bit" LibClamAV debug: Multipart 0: About to parse folded header 'Content-Disposition: inline' LibClamAV debug: parseEmailHeader 'Content-Disposition: inline' LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' inline' LibClamAV debug: messageAddArgument, arg='filename=unknown' LibClamAV debug: Multipart 0: End of header information LibClamAV debug: boundaryStart: found MP_/6OvrPH9HEPZRUCVu6uT=Fey in --MP_/6OvrPH9HEPZRUCVu6uT=Fey LibClamAV debug: Part 0 has 1 lines, rc = 1 LibClamAV debug: Mixed message part 0 is of type 6 LibClamAV debug: Mixed message text part disposition "inline" LibClamAV debug: Mime subtype "plain" LibClamAV debug: Treating inline as attachment LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 0 LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 2 is "base64" LibClamAV debug: blobSetFilename: unknown LibClamAV debug: fileblobSetFilename: file unknown saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-095a81866bab5c8f34cb9cc4c2cca89e.tmp/clamav-d4ae4cfe3341f1c47ca00ec9a7fed48f.tmp LibClamAV debug: textToFileBlob to unknown, destroy = 0 LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-095a81866bab5c8f34cb9cc4c2cca89e.tmp/clamav-d4ae4cfe3341f1c47ca00ec9a7fed48f.tmp LibClamAV debug: messageExport: enctype 1 is 2 LibClamAV debug: blobSetFilename: unknown LibClamAV debug: fileblobSetFilename: file unknown saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-095a81866bab5c8f34cb9cc4c2cca89e.tmp/clamav-b0ba8aaed0b4461b188ed87f6bf3af34.tmp LibClamAV debug: sanitiseBase64 'This is a ClamAV test file with embedded clam.exe' LibClamAV debug: Exported 30 bytes using enctype 2 LibClamAV debug: CDBNAME:CL_TYPE_MAIL:30:unknown:30:30:0:0:0:(nil) LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 8fe7d75a1adb2d661f9f622b32fb503b is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 8fe7d75a1adb2d661f9f622b32fb503b (level 0) LibClamAV debug: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-095a81866bab5c8f34cb9cc4c2cca89e.tmp/clamav-b0ba8aaed0b4461b188ed87f6bf3af34.tmp is clean LibClamAV debug: fileblobDestructiveDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-095a81866bab5c8f34cb9cc4c2cca89e.tmp/clamav-b0ba8aaed0b4461b188ed87f6bf3af34.tmp LibClamAV debug: Now read in part 0 LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: application/x-ms-dos-executable; name=clam.exe' LibClamAV debug: parseEmailHeader 'Content-Type: application/x-ms-dos-executable; name=clam.exe' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' application/x-ms-dos-executable; name=clam.exe' LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: mimeArgs = ' name=clam.exe' LibClamAV debug: Add arguments ' name=clam.exe' LibClamAV debug: messageAddArgument, arg='name=clam.exe' LibClamAV debug: Multipart 0: About to parse folded header 'Content-Transfer-Encoding: base64' LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: base64' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' base64' LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 1 is "base64" LibClamAV debug: Multipart 0: About to parse folded header 'Content-Disposition: attachment; filename=clam.exe' LibClamAV debug: parseEmailHeader 'Content-Disposition: attachment; filename=clam.exe' LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' attachment; filename=clam.exe' LibClamAV debug: messageAddArgument, arg='filename=clam.exe' LibClamAV debug: Multipart 0: End of header information LibClamAV debug: Part 0 has 11 lines, rc = 1 LibClamAV debug: Mixed message part 0 is of type 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 2 LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-095a81866bab5c8f34cb9cc4c2cca89e.tmp/clamav-806ee2b3cf939ac13053d3f4cf3b73e1.tmp LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFi' LibClamAV debug: sanitiseBase64 'DAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExM' LibClamAV debug: sanitiseBase64 'AENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkA' LibClamAV debug: sanitiseBase64 'BAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAE' LibClamAV debug: sanitiseBase64 'AAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0A' LibClamAV debug: sanitiseBase64 'EAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' LibClamAV debug: Exported 543 bytes using enctype 2 LibClamAV debug: 2 trailing bytes to export LibClamAV debug: base64chars = 2 (0 @ @) LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:clam.exe:544:544:0:0:0:(nil) LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-095a81866bab5c8f34cb9cc4c2cca89e.tmp/clamav-806ee2b3cf939ac13053d3f4cf3b73e1.tmp is infected LibClamAV debug: fileblobDestructiveDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-095a81866bab5c8f34cb9cc4c2cca89e.tmp/clamav-806ee2b3cf939ac13053d3f4cf3b73e1.tmp LibClamAV debug: The message has 0 parts LibClamAV debug: cli_mbox returning 1 LibClamAV debug: FP SIGNATURE: a57a8f14a6d5a0ec8d373d646ce1f88a:1337:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized CPIO NEWC file LibClamAV debug: cache_check: 0ad868ed626c3cdcd924d83d1dd85ead is negative LibClamAV debug: CPIO: -- File 1 -- LibClamAV debug: CPIO: Name: clam.exe LibClamAV debug: CPIO: Filesize: 544 LibClamAV debug: CDBNAME:CL_TYPE_CPIO_NEWC:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_map_scan: [120, +544) LibClamAV debug: cli_map_scandesc: [0, +1024), [120, +544) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 0ad868ed626c3cdcd924d83d1dd85ead:1024:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized CPIO ODC file LibClamAV debug: cache_check: b874713310858f4299be1b41d31e4674 is negative LibClamAV debug: CPIO: -- File 1 -- LibClamAV debug: CPIO: Name: clam.exe LibClamAV debug: CPIO: Filesize: 544 LibClamAV debug: CDBNAME:CL_TYPE_CPIO_ODC:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_map_scan: [85, +544) LibClamAV debug: cli_map_scandesc: [0, +1024), [85, +544) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: b874713310858f4299be1b41d31e4674:1024:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized OLE2 container file LibClamAV debug: cache_check: 72f471de3952aa10e0c729443ad7f65e is negative LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 LibClamAV debug: CLSID: {0000-00-00-00-000000} LibClamAV debug: Minor version: 0x3e LibClamAV debug: DLL version: 0x3 LibClamAV debug: Byte Order: -2 LibClamAV debug: Big Block Size: 9 LibClamAV debug: Small Block Size: 6 LibClamAV debug: BAT count: 1 LibClamAV debug: Prop start: 18 LibClamAV debug: SBAT cutoff: 4096 LibClamAV debug: SBat start: 20 LibClamAV debug: SBat block count: 1 LibClamAV debug: XBat start: -2 LibClamAV debug: XBat block count: 0 LibClamAV debug: LibClamAV debug: Max block number: 248 LibClamAV debug: OLE2: VBA project found LibClamAV debug: OLE2: root entry [root] b size:0x00000f80 flags:0x00000000 LibClamAV debug: OLE2: _5_summaryinformation [file] b size:0x0000019c flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_summaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/8f77ea59a4794f91b39913db2e55f3fc_0' LibClamAV debug: OLE2: _5_documentsummaryinformation [file] b size:0x0000011c flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_documentsummaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/c94e3926fdf7b9e624cba640b87b17a8_0' LibClamAV debug: OLE2: worddocument [file] b size:0x0000102e flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'worddocument' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/126ea3fd0ff7f18c9c5eec0c07398c49_0' LibClamAV debug: OLE2: 1table [file] r size:0x00000847 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '1table' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/0e2af3cf7b22050354734d7eb56b80d3_0' LibClamAV debug: OLE2: objectpool [dir ] b size:0x00000000 flags:0x00000000 LibClamAV debug: OLE2 dir entry: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/000003 LibClamAV debug: OLE2: _1279313719 [dir ] b size:0x00000000 flags:0x00000000 LibClamAV debug: OLE2 dir entry: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/000003/000004 LibClamAV debug: OLE2: _1_compobj [file] b size:0x00000052 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/000003/000004/88144fbcb62650fa72c360688f4772c7_0' LibClamAV debug: OLE2: _3_objinfo [file] b size:0x00000006 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_3_objinfo' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/000003/000004/b716b79df7921f86c7532913ba9e5562_0' LibClamAV debug: OLE2: _1_ole10native [file] r size:0x00000255 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole10native' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/000003/000004/e74f5f7bbf0b77708bc591157d708d3d_0' LibClamAV debug: OLE2: _1_ole [file] b size:0x00000014 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/000003/000004/4d5f109dc1c0609112df3a2e6f747fea_0' LibClamAV debug: OLE2: _1_compobj [file] r size:0x00000075 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/88144fbcb62650fa72c360688f4772c7_1' LibClamAV debug: OLE2: data [file] b size:0x00001000 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'data' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/8d777f385d3dfec8815d20f7496026dc_0' LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp LibClamAV debug: wm_readdir: macro offset: 0x41c0000 LibClamAV debug: wm_readdir: macro len: 0x160000 LibClamAV debug: wm_readdir: read macro_info failed LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/000003 LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-884d8ceb79d2453cb3ccdbb7a5aace8c.tmp/000003/000004 LibClamAV debug: cli_decode_ole_object: decoding to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-80021df2e2d726d2f761a85dcea76283.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 72f471de3952aa10e0c729443ad7f65e:16384:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized PDF document file LibClamAV debug: cache_check: f6a7821809bff648e8dbd72f027f3850 is negative LibClamAV debug: in cli_pdf(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-997c1dafed89180520430c78e884e677.tmp) LibClamAV debug: cli_pdf: did not find valid xref LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_pdf: found 1 0 obj @26 LibClamAV debug: cli_pdf: found 2 0 obj @100 LibClamAV debug: cli_pdf: found 3 0 obj @270 LibClamAV debug: cli_pdf: found 4 0 obj @338 LibClamAV debug: cli_pdf: found 5 0 obj @1719 LibClamAV debug: cli_pdf: found 6 0 obj @1925 LibClamAV debug: cli_pdf: found 7 0 obj @1963 LibClamAV debug: cli_pdf: found 8 0 obj @2016 LibClamAV debug: cli_pdf: found 9 0 obj @2054 LibClamAV debug: cli_pdf: found 10 0 obj @2484 LibClamAV debug: cli_pdf: found 11 0 obj @2773 LibClamAV debug: cli_pdf: found 12 0 obj @5181 LibClamAV debug: cli_pdf: found 13 0 obj @5283 LibClamAV debug: cli_pdf: found 14 0 obj @5308 LibClamAV debug: cli_pdf: found 15 0 obj @5729 LibClamAV debug: cli_pdf: found 16 0 obj @6391 LibClamAV debug: cli_pdf: found 17 0 obj @6474 LibClamAV debug: cli_pdf: 1 0 obj flags: 02 LibClamAV debug: cli_pdf: 2 0 obj flags: 02 LibClamAV debug: cli_pdf: 3 0 obj flags: 02 LibClamAV debug: cli_pdf: 4 0 obj flags: 03 LibClamAV debug: cli_pdf: found Contents stored in indirect object 14 0 LibClamAV debug: cli_pdf: 5 0 obj flags: 800002 LibClamAV debug: cli_pdf: 6 0 obj flags: 02 LibClamAV debug: cli_pdf: 7 0 obj flags: 02 LibClamAV debug: cli_pdf: 8 0 obj flags: 02 LibClamAV debug: cli_pdf: 9 0 obj flags: 02 LibClamAV debug: cli_pdf: 10 0 obj flags: 20002 LibClamAV debug: cli_pdf: 11 0 obj flags: 10023 LibClamAV debug: cli_pdf: 12 0 obj flags: 02 LibClamAV debug: cli_pdf: 13 0 obj: no dictionary LibClamAV debug: cli_pdf: 14 0 obj flags: 1010023 LibClamAV debug: cli_pdf: 15 0 obj flags: 07 LibClamAV debug: cli_pdf: 16 0 obj flags: 02 LibClamAV debug: cli_pdf: 17 0 obj flags: 1000002 LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_pdf: (parsed hooks) returned 0 LibClamAV debug: pdf_extract_obj: obj 1 0 LibClamAV debug: pdf_extract_obj: obj 2 0 LibClamAV debug: pdf_extract_obj: obj 3 0 LibClamAV debug: pdf_extract_obj: obj 4 0 LibClamAV debug: cli_pdf: dumping obj 4 0 LibClamAV debug: cli_pdf: extracted 1287 bytes 4 0 obj LibClamAV debug: ... to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-997c1dafed89180520430c78e884e677.tmp/pdf00 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: afeb29d29db00e7b0a56c1095a45152c is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: afeb29d29db00e7b0a56c1095a45152c (level 0) LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: pdf_extract_obj: obj 5 0 LibClamAV debug: pdf_extract_obj: obj 6 0 LibClamAV debug: pdf_extract_obj: obj 7 0 LibClamAV debug: pdf_extract_obj: obj 8 0 LibClamAV debug: pdf_extract_obj: obj 9 0 LibClamAV debug: pdf_extract_obj: obj 10 0 LibClamAV debug: pdf_extract_obj: obj 11 0 LibClamAV debug: cli_pdf: dumping obj 11 0 LibClamAV debug: cli_pdf: deflate len 2305 (orig 2305) LibClamAV debug: cli_pdf: extracted 2957 bytes 11 0 obj LibClamAV debug: ... to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-997c1dafed89180520430c78e884e677.tmp/pdf01 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 00caa7c99f05f5c47d95c516d38c6f1e is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 00caa7c99f05f5c47d95c516d38c6f1e (level 0) LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: pdf_extract_obj: obj 12 0 LibClamAV debug: pdf_extract_obj: obj 13 0 LibClamAV debug: pdf_extract_obj: obj 14 0 LibClamAV debug: cli_pdf: dumping obj 14 0 LibClamAV debug: cli_pdf: length is in indirect object 13 0 LibClamAV debug: cli_pdf: deflate len 334 (orig 334) LibClamAV debug: cli_pdf: extracted 662 bytes 14 0 obj LibClamAV debug: ... to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-997c1dafed89180520430c78e884e677.tmp/pdf02 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: d6ceddd633b1dcc23e459f9579bde3b5 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: d6ceddd633b1dcc23e459f9579bde3b5 (level 0) LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_pdf: dumping contents 14 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 33af3356d8761430f7c7c76d93613f9a is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 33af3356d8761430f7c7c76d93613f9a (level 0) LibClamAV debug: pdf_extract_obj: obj 15 0 LibClamAV debug: cli_pdf: dumping obj 15 0 LibClamAV debug: cli_pdf: extracted 544 bytes 15 0 obj LibClamAV debug: ... to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-997c1dafed89180520430c78e884e677.tmp/pdf03 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: cli_pdf: returning 1 LibClamAV debug: FP SIGNATURE: f6a7821809bff648e8dbd72f027f3850:7277:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized OLE2 container file LibClamAV debug: cache_check: 5cc36bead5044641bf74a209721220df is negative LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 LibClamAV debug: CLSID: {0000-00-00-00-000000} LibClamAV debug: Minor version: 0x3e LibClamAV debug: DLL version: 0x3 LibClamAV debug: Byte Order: -2 LibClamAV debug: Big Block Size: 9 LibClamAV debug: Small Block Size: 6 LibClamAV debug: BAT count: 1 LibClamAV debug: Prop start: 1 LibClamAV debug: SBAT cutoff: 4096 LibClamAV debug: SBat start: 2 LibClamAV debug: SBat block count: 1 LibClamAV debug: XBat start: -2 LibClamAV debug: XBat block count: 0 LibClamAV debug: LibClamAV debug: Max block number: 520 LibClamAV debug: OLE2: VBA project found LibClamAV debug: OLE2: root entry [root] r size:0x00000c80 flags:0x00000000 LibClamAV debug: OLE2: _5_summaryinformation [file] b size:0x00005500 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_summaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1df749f963f70ea895411889a60e6dac.tmp/8f77ea59a4794f91b39913db2e55f3fc_0' LibClamAV debug: OLE2: powerpoint document [file] b size:0x0000143e flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'powerpoint document' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1df749f963f70ea895411889a60e6dac.tmp/87320d137f01f7b183eb533a1de6c62a_0' LibClamAV debug: OLE2: _5_documentsummaryinformation [file] r size:0x00000238 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_documentsummaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1df749f963f70ea895411889a60e6dac.tmp/c94e3926fdf7b9e624cba640b87b17a8_0' LibClamAV debug: OLE2: pictures [file] b size:0x000009ce flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'pictures' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1df749f963f70ea895411889a60e6dac.tmp/9ed98e5c3e9685aa3de82c99009a2ed3_0' LibClamAV debug: OLE2: current user [file] r size:0x0000002c flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'current user' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1df749f963f70ea895411889a60e6dac.tmp/031e0a965ce78208b44b47340128ed45_0' LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1df749f963f70ea895411889a60e6dac.tmp LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x0f LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x03e8 LibClamAV debug: length: 0x000004dc LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x0f LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x03f8 LibClamAV debug: length: 0x00000a46 LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x0f LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x03ee LibClamAV debug: length: 0x0000020c LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x00 LibClamAV debug: instance: 0x01 LibClamAV debug: type: 0x1011 LibClamAV debug: length: 0x000002b0 LibClamAV debug: length: 684 LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x00 LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x1772 LibClamAV debug: length: 0x00000014 LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x00 LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x0ff5 LibClamAV debug: length: 0x0000001c LibClamAV debug: in ppt_read_atom_header LibClamAV debug: read ppt_header failed LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized OLE2 container file LibClamAV debug: cache_check: 34bbee039661ffefe723e4c053c4349e is negative LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 LibClamAV debug: CLSID: {0000-00-00-00-000000} LibClamAV debug: Minor version: 0x3e LibClamAV debug: DLL version: 0x3 LibClamAV debug: Byte Order: -2 LibClamAV debug: Big Block Size: 9 LibClamAV debug: Small Block Size: 6 LibClamAV debug: BAT count: 1 LibClamAV debug: Prop start: 2 LibClamAV debug: SBAT cutoff: 4096 LibClamAV debug: SBat start: 4 LibClamAV debug: SBat block count: 1 LibClamAV debug: XBat start: -2 LibClamAV debug: XBat block count: 0 LibClamAV debug: LibClamAV debug: Max block number: 56 LibClamAV debug: OLE2: VBA project found LibClamAV debug: OLE2: root entry [root] r size:0x000003c0 flags:0x00000000 LibClamAV debug: OLE2: _1_ole10native [file] b size:0x00000307 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole10native' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-39710a60b0d5c0c8a44276c55ac6c03d.tmp/e74f5f7bbf0b77708bc591157d708d3d_0' LibClamAV debug: OLE2: _1_compobj [file] r size:0x0000004c flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-39710a60b0d5c0c8a44276c55ac6c03d.tmp/88144fbcb62650fa72c360688f4772c7_0' LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-39710a60b0d5c0c8a44276c55ac6c03d.tmp LibClamAV debug: cli_decode_ole_object: decoding to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-56f0ee3682b77fe9b458a007be31e878.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 34bbee039661ffefe723e4c053c4349e:4096:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 5cc36bead5044641bf74a209721220df:33793:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized binary data LibClamAV debug: Matched signature for file type SIS at 8 LibClamAV debug: cache_check: 9af10e8bc42125f1b471a69e0104e09e is negative LibClamAV debug: in scansis() LibClamAV debug: SIS: UIDS 1000000 10003a12 10000419 - 73854f24 LibClamAV debug: SIS: Application name: LibClamAV debug: Name (UK English - @146, len 8) LibClamAV debug: SIS: Provides: LibClamAV debug: Name (UK English - @146, len 8) LibClamAV debug: SIS: Depends on: LibClamAV debug: UID: 101f6f88 v. 0.0.0 aka: LibClamAV debug: Series60ProductID (UK English - @124, len 34) LibClamAV debug: SIS: Package is compressed LibClamAV debug: SIS: Pkgtype: 0 LibClamAV debug: SIS: File details: Options: 0 Type: simple LibClamAV debug: Original filename: C:\Users\zolw\AppData\Local\Temp\MKS0\clam.exe LibClamAV debug: Installed to: !:\clam.exe LibClamAV debug: Unpacking lang#0 - ptr:14e csize:106 osize:220 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 9af10e8bc42125f1b471a69e0104e09e:596:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 4e05da42c0edfad9adc8103c1319a39f is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: d67efc70fcf79eca10063916930e446f is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-9716ef906f7daf8c83f092282352ccf6.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 6032, [13620 in octal] LibClamAV debug: cli_untar: Checksum 6032 is valid. LibClamAV debug: cli_untar: size = 40 LibClamAV debug: cli_untar: skipping entry LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: Candidate checksum = 5489, [12561 in octal] LibClamAV debug: cli_untar: Checksum 5489 is valid. LibClamAV debug: cli_untar: size = 544 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-9716ef906f7daf8c83f092282352ccf6.tmp/tar01 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: cli_untar: pos = 2560 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: d67efc70fcf79eca10063916930e446f:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: 4e05da42c0edfad9adc8103c1319a39f:486:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized TNEF file LibClamAV debug: cache_check: 9417e3d9e9e227fc029204a23d2b5bf1 is negative LibClamAV debug: message tag 0x9006, type 0x8, length 4 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9006, type 0x8, length 4 LibClamAV debug: message tag 0x9007, type 0x6, length 8 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9007, type 0x6, length 8 LibClamAV debug: message tag 0x8008, type 0x7, length 24 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x8008, type 0x7, length 24 LibClamAV debug: message tag 0x800d, type 0x4, length 2 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x800d, type 0x4, length 2 LibClamAV debug: message tag 0x8004, type 0x1, length 48 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x8004, type 0x1, length 48 LibClamAV debug: message tag 0x9, type 0x4, length 2 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9, type 0x4, length 2 LibClamAV debug: message tag 0x8006, type 0x3, length 14 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x8006, type 0x3, length 14 LibClamAV debug: message tag 0x8020, type 0x2, length 52 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x8020, type 0x2, length 52 LibClamAV debug: message tag 0x9004, type 0x6, length 124 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9004, type 0x6, length 124 LibClamAV debug: message tag 0x9003, type 0x6, length 2892 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9003, type 0x6, length 2892 LibClamAV debug: message tag 0x9002, type 0x6, length 14 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x9002, type 0x6, length 14 LibClamAV debug: TNEF - unsupported attachment tag 0x9002 type 0x6 length 14 LibClamAV debug: message tag 0x8013, type 0x3, length 14 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x8013, type 0x3, length 14 LibClamAV debug: TNEF - unsupported attachment tag 0x8013 type 0x3 length 14 LibClamAV debug: message tag 0x800f, type 0x6, length 544 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x800f, type 0x6, length 544 LibClamAV debug: message tag 0x8010, type 0x1, length 9 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x8010, type 0x1, length 9 LibClamAV debug: TNEF filename clam.exe LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-b44f9f1be5d0b4c43212bea311f675af.tmp/clamav-19ea1593df12f63c63dd6b01c50bef1b.tmp LibClamAV debug: message tag 0x8011, type 0x6, length 5624 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x8011, type 0x6, length 5624 LibClamAV debug: TNEF - unsupported attachment tag 0x8011 type 0x6 length 5624 LibClamAV debug: message tag 0x9005, type 0x6, length 180 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x9005, type 0x6, length 180 LibClamAV debug: TNEF - unsupported attachment tag 0x9005 type 0x6 length 180 LibClamAV debug: tnef_header: ignoring trailing newline LibClamAV debug: cli_tnef: flushing final data LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-b44f9f1be5d0b4c43212bea311f675af.tmp/clamav-19ea1593df12f63c63dd6b01c50bef1b.tmp LibClamAV debug: cli_tnef: returning 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 9417e3d9e9e227fc029204a23d2b5bf1:9738:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ZIP file LibClamAV debug: cache_check: 37ee24a41abc0fdbe8ee342ededf33ef is negative LibClamAV debug: in cli_unzip LibClamAV debug: cli_unzip: central @13b LibClamAV debug: cli_unzip: ch - flags 0 - method 8 - csize 100 - usize 220 - flen 8 - elen d - clen 0 - disk 0 - off 0 LibClamAV debug: cli_unzip: ch - fname: clam.exe LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:1:1 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-d7309a5d0bb108a3633547fe17c08e1a.tmp/zip.000 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 37ee24a41abc0fdbe8ee342ededf33ef:404:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: a54c20ccd89a41329f3feeca0df4a8b3 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type CAB-SFX at 476556 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 115236 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: e7d69e3a0825c65b215b0ed482a3f089 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type CAB-SFX at 361320 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: CAB/CAB-SFX signature found at 361320 LibClamAV debug: in cli_scanmscab() LibClamAV debug: CAB: -------------- Cabinet file ---------------- LibClamAV debug: CAB: Cabinet length: 543349 LibClamAV debug: CAB: Folders: 1 LibClamAV debug: CAB: Files: 13 LibClamAV debug: CAB: File format version: 1.3 LibClamAV debug: CAB: Folder record 0 LibClamAV debug: CAB: Folder offset: 361737 LibClamAV debug: CAB: Folder compression method: 5379 LibClamAV debug: CAB: Recorded folders: 1 LibClamAV debug: CAB: File record 0 LibClamAV debug: CAB: File name: IKernel*dll LibClamAV debug: CAB: File offset: 0 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 1 LibClamAV debug: CAB: File name: ctor*dll LibClamAV debug: CAB: File offset: 753664 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 2 LibClamAV debug: CAB: File name: IScript*dll LibClamAV debug: CAB: File offset: 823378 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 3 LibClamAV debug: CAB: File name: IUser*dll LibClamAV debug: CAB: File offset: 1097810 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 4 LibClamAV debug: CAB: File name: objectps*dll LibClamAV debug: CAB: File offset: 1282130 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 5 LibClamAV debug: CAB: File name: DotNetInstaller*exe LibClamAV debug: CAB: File offset: 1314898 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 6 LibClamAV debug: CAB: File name: iKernel*rgs LibClamAV debug: CAB: File offset: 1320530 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 7 LibClamAV debug: CAB: File name: ISProBE9x*tlb LibClamAV debug: CAB: File offset: 1358611 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 8 LibClamAV debug: CAB: File name: ISProBENT*tlb LibClamAV debug: CAB: File offset: 1487479 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 9 LibClamAV debug: CAB: File name: ISBEW64*rgs LibClamAV debug: CAB: File offset: 1605299 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 10 LibClamAV debug: CAB: File name: IsBEW64*tlb LibClamAV debug: CAB: File offset: 1605869 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 11 LibClamAV debug: CAB: File name: ISBEW64*exe LibClamAV debug: CAB: File offset: 1608289 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 12 LibClamAV debug: CAB: File name: ISBEW64A*exe LibClamAV debug: CAB: File offset: 1732705 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IKernel*dll:0:753664:0:1:0:(nil) LibClamAV debug: CAB: Extracting file IKernel*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-e2b3cd49b71b339f4d3dd5ebfa2725d2.tmp, size 753664, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 24 LibClamAV debug: lzx_decompress: current frame = 0 LibClamAV debug: lzx_decompress: current frame = 1 LibClamAV debug: lzx_decompress: current frame = 2 LibClamAV debug: lzx_decompress: current frame = 3 LibClamAV debug: lzx_decompress: current frame = 4 LibClamAV debug: lzx_decompress: current frame = 5 LibClamAV debug: lzx_decompress: current frame = 6 LibClamAV debug: lzx_decompress: current frame = 7 LibClamAV debug: lzx_decompress: current frame = 8 LibClamAV debug: lzx_decompress: current frame = 9 LibClamAV debug: lzx_decompress: current frame = 10 LibClamAV debug: lzx_decompress: current frame = 11 LibClamAV debug: lzx_decompress: current frame = 12 LibClamAV debug: lzx_decompress: current frame = 13 LibClamAV debug: lzx_decompress: current frame = 14 LibClamAV debug: lzx_decompress: current frame = 15 LibClamAV debug: lzx_decompress: current frame = 16 LibClamAV debug: lzx_decompress: current frame = 17 LibClamAV debug: lzx_decompress: current frame = 18 LibClamAV debug: lzx_decompress: current frame = 19 LibClamAV debug: lzx_decompress: current frame = 20 LibClamAV debug: lzx_decompress: current frame = 21 LibClamAV debug: lzx_decompress: current frame = 22 LibClamAV debug: lzx_decompress: current frame = 23 LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 594678e8fc20d430eb7bd2de53f8f307 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: c30d8 LibClamAV debug: cli_peheader: parsing version info @ rva c30d8 (1/1) LibClamAV debug: VersionInfo (ab236): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (ab286): 'FileDescription'='InstallShield (R) Setup Engine' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c0064002000280052002900200053006500740075007000200045006e00670069006e00650000000000 LibClamAV debug: VersionInfo (ab2ee): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (ab326): 'InternalName'='Kernel' - VI:49006e007400650072006e0061006c004e0061006d00650000004b00650072006e0065006c0000000000 LibClamAV debug: VersionInfo (ab356): 'OriginalFilename'='iKernel.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000069004b00650072006e0065006c002e0064006c006c000000 LibClamAV debug: VersionInfo (ab396): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (ab412): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (ab456): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 272 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:02:55 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x89000 LibClamAV debug: SizeOfInitializedData: 0x46000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x76aec LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xd0000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x88de5 0x89000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x89000 0x89000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17cd4 0x18000 LibClamAV debug: VirtualAddress: 0x8a000 0x8a000 LibClamAV debug: SizeOfRawData: 0x18000 0x18000 LibClamAV debug: PointerToRawData: 0x8a000 0x8a000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x201a0 0x21000 LibClamAV debug: VirtualAddress: 0xa2000 0xa2000 LibClamAV debug: SizeOfRawData: 0x9000 0x9000 LibClamAV debug: PointerToRawData: 0xa2000 0xa2000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x838 0x1000 LibClamAV debug: VirtualAddress: 0xc3000 0xc3000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0xab000 0xab000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xb53a 0xc000 LibClamAV debug: VirtualAddress: 0xc4000 0xc4000 LibClamAV debug: SizeOfRawData: 0xc000 0xc000 LibClamAV debug: PointerToRawData: 0xac000 0xac000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x76aec (486124) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 594678e8fc20d430eb7bd2de53f8f307 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ctor*dll:0:69714:0:2:0:(nil) LibClamAV debug: CAB: Extracting file ctor*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-28c5b98ca02f69da5f0e6f651e733c20.tmp, size 69714, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 26 LibClamAV debug: lzx_decompress: current frame = 24 LibClamAV debug: lzx_decompress: current frame = 25 LibClamAV debug: CAB: Length from header 69714 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 34fc187d14c58d715804983399f5faad is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: f090 LibClamAV debug: cli_peheader: parsing version info @ rva f090 (1/1) LibClamAV debug: VersionInfo (f13e): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (f18e): 'FileDescription'='InstallShield (R) Ctor DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000430074006f007200200044004c004c0000000000 LibClamAV debug: VersionInfo (f1ee): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (f226): 'InternalName'='Ctor' - VI:49006e007400650072006e0061006c004e0061006d0065000000430074006f00720000000000 LibClamAV debug: VersionInfo (f252): 'OriginalFilename'='ctor.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000630074006f0072002e0064006c006c0000000000 LibClamAV debug: VersionInfo (f28e): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (f30a): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (f34e): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 248 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:02:21 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x9000 LibClamAV debug: SizeOfInitializedData: 0x7000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x7cdf LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x11000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8ae4 0x9000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x9000 0x9000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x3837 0x4000 LibClamAV debug: VirtualAddress: 0xa000 0xa000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0xa000 0xa000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xd18 0x1000 LibClamAV debug: VirtualAddress: 0xe000 0xe000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0xe000 0xe000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4a0 0x1000 LibClamAV debug: VirtualAddress: 0xf000 0xf000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0xf000 0xf000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xb02 0x1000 LibClamAV debug: VirtualAddress: 0x10000 0x10000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x10000 0x10000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x7cdf (31967) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 34fc187d14c58d715804983399f5faad (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IScript*dll:0:274432:0:3:0:(nil) LibClamAV debug: CAB: Extracting file IScript*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-cf53cc29b8719df1dad9cef8525562da.tmp, size 274432, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 34 LibClamAV debug: lzx_decompress: current frame = 26 LibClamAV debug: lzx_decompress: current frame = 27 LibClamAV debug: lzx_decompress: current frame = 28 LibClamAV debug: lzx_decompress: current frame = 29 LibClamAV debug: lzx_decompress: current frame = 30 LibClamAV debug: lzx_decompress: current frame = 31 LibClamAV debug: lzx_decompress: current frame = 32 LibClamAV debug: lzx_decompress: current frame = 33 LibClamAV debug: CAB: Length from header 274432 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 887e758f5267b616905f0168b39d16d5 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 3e090 LibClamAV debug: cli_peheader: parsing version info @ rva 3e090 (1/1) LibClamAV debug: VersionInfo (3d13e): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (3d18e): 'FileDescription'='InstallShield (R) Script Engine' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000530063007200690070007400200045006e00670069006e0065000000 LibClamAV debug: VersionInfo (3d1f6): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (3d22e): 'InternalName'='Engine' - VI:49006e007400650072006e0061006c004e0061006d006500000045006e00670069006e00650000000000 LibClamAV debug: VersionInfo (3d25e): 'OriginalFilename'='IScript.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300630072006900700074002e0064006c006c000000 LibClamAV debug: VersionInfo (3d29e): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (3d31a): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (3d35e): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 256 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:01:26 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x2d000 LibClamAV debug: SizeOfInitializedData: 0x16000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x21b5d LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x44000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2ce5a 0x2d000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x2d000 0x2d000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x9374 0xa000 LibClamAV debug: VirtualAddress: 0x2e000 0x2e000 LibClamAV debug: SizeOfRawData: 0xa000 0xa000 LibClamAV debug: PointerToRawData: 0x2e000 0x2e000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5de4 0x6000 LibClamAV debug: VirtualAddress: 0x38000 0x38000 LibClamAV debug: SizeOfRawData: 0x5000 0x5000 LibClamAV debug: PointerToRawData: 0x38000 0x38000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x460 0x1000 LibClamAV debug: VirtualAddress: 0x3e000 0x3e000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x3d000 0x3d000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4bfc 0x5000 LibClamAV debug: VirtualAddress: 0x3f000 0x3f000 LibClamAV debug: SizeOfRawData: 0x5000 0x5000 LibClamAV debug: PointerToRawData: 0x3e000 0x3e000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x21b5d (138077) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 887e758f5267b616905f0168b39d16d5 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IUser*dll:0:184320:0:4:0:(nil) LibClamAV debug: CAB: Extracting file IUser*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-b6e61a12a7c20cc9f012c69c6b59e85b.tmp, size 184320, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 40 LibClamAV debug: lzx_decompress: current frame = 34 LibClamAV debug: lzx_decompress: current frame = 35 LibClamAV debug: lzx_decompress: current frame = 36 LibClamAV debug: lzx_decompress: current frame = 37 LibClamAV debug: lzx_decompress: current frame = 38 LibClamAV debug: lzx_decompress: current frame = 39 LibClamAV debug: CAB: Length from header 184320 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: f77a9df6057ef2998e656a236b08e768 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 291f8 LibClamAV debug: cli_peheader: parsing version info @ rva 291f8 (1/1) LibClamAV debug: VersionInfo (28806): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (28856): 'FileDescription'='InstallShield (R) User DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c006400200028005200290020005500730065007200200044004c004c0000000000 LibClamAV debug: VersionInfo (288b6): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (288ee): 'InternalName'='User' - VI:49006e007400650072006e0061006c004e0061006d0065000000550073006500720000000000 LibClamAV debug: VersionInfo (2891a): 'OriginalFilename'='IUser.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000490055007300650072002e0064006c006c000000 LibClamAV debug: VersionInfo (28956): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (289d2): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (28a16): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 272 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:00:50 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1d000 LibClamAV debug: SizeOfInitializedData: 0x11000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x132d9 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x2f000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1cf25 0x1d000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x1d000 0x1d000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4cd2 0x5000 LibClamAV debug: VirtualAddress: 0x1e000 0x1e000 LibClamAV debug: SizeOfRawData: 0x5000 0x5000 LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5564 0x6000 LibClamAV debug: VirtualAddress: 0x23000 0x23000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x23000 0x23000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1b30 0x2000 LibClamAV debug: VirtualAddress: 0x29000 0x29000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x27000 0x27000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x32ac 0x4000 LibClamAV debug: VirtualAddress: 0x2b000 0x2b000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x29000 0x29000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x132d9 (78553) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: f77a9df6057ef2998e656a236b08e768 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:objectps*dll:0:32768:0:5:0:(nil) LibClamAV debug: CAB: Extracting file objectps*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-01cb7d4fbdc7851733c783db9eea1f8b.tmp, size 32768, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 41 LibClamAV debug: lzx_decompress: current frame = 40 LibClamAV debug: CAB: Length from header 32768 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: b6d770559ec6b834bb2357fd5deaf218 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 6048 LibClamAV debug: cli_peheader: parsing version info @ rva 6048 (1/1) LibClamAV debug: VersionInfo (60fe): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (614e): 'FileDescription'='InstallShield (R) ObjectPS DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c006400200028005200290020004f0062006a0065006300740050005300200044004c004c0000000000 LibClamAV debug: VersionInfo (61b6): 'InternalName'='Object' - VI:49006e007400650072006e0061006c004e0061006d00650000004f0062006a0065006300740000000000 LibClamAV debug: VersionInfo (61e6): 'OriginalFilename'='objectps.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000006f0062006a00650063007400700073002e0064006c006c0000000000 LibClamAV debug: VersionInfo (622a): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (6262): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (62de): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (6322): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 224 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 6 LibClamAV debug: TimeDateStamp: Mon Apr 4 05:57:14 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x3000 LibClamAV debug: SizeOfInitializedData: 0x4000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x3070 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x8000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .orpc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1070 0x2000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x342 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x3000 0x3000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x985 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x4000 0x4000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2c 0x1000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x5000 0x5000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x3b8 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x6000 0x6000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 5 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2e8 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x7000 0x7000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x3070 (12400) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: b6d770559ec6b834bb2357fd5deaf218 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:DotNetInstaller*exe:0:5632:0:6:0:(nil) LibClamAV debug: CAB: Extracting file DotNetInstaller*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1e028316f565a07cfdb8bcfe3f4c9fcb.tmp, size 5632, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: CAB: Length from header 5632 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: d186d961e211e4fd7f7c3a02a864cbe5 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 4048 LibClamAV debug: cli_peheader: parsing version info @ rva 4048 (1/1) LibClamAV debug: VersionInfo (f3a): 'Comments'='Installer support for .NET' - VI:43006f006d006d0065006e0074007300000049006e007300740061006c006c0065007200200073007500700070006f0072007400200066006f00720020002e004e004500540000000000 LibClamAV debug: VersionInfo (f8a): 'CompanyName'='InstallShield Software Corporation' - VI:43006f006d00700061006e0079004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c006400200053006f00660074007700610072006500200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (ff2): 'FileDescription'='DotNetInstaller' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000044006f0074004e006500740049006e007300740061006c006c00650072000000 LibClamAV debug: VersionInfo (103a): 'FileVersion'='11.0.0.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e0030002e0030002e003200380038003400340000000000 LibClamAV debug: VersionInfo (1076): 'InternalName'='dotnetinstaller.exe' - VI:49006e007400650072006e0061006c004e0061006d006500000064006f0074006e006500740069006e007300740061006c006c00650072002e006500780065000000 LibClamAV debug: VersionInfo (10be): 'LegalCopyright'='Copyright (C) 1990-2002 InstallShield Software Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000280043002900200031003900390030002d003200300030003200200049006e007300740061006c006c0053006800690065006c006400200053006f00660074007700610072006500200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (115a): 'LegalTrademarks'=' ' - VI:4c006500670061006c00540072006100640065006d00610072006b0073000000000020000000 LibClamAV debug: VersionInfo (1186): 'OriginalFilename'='dotnetinstaller.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000064006f0074006e006500740069006e007300740061006c006c00650072002e006500780065000000 LibClamAV debug: VersionInfo (11d6): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (121a): 'ProductVersion'='11.0.0.28844' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e0030002e0030002e003200380038003400340000000000 LibClamAV debug: VersionInfo (125a): 'Assembly Version'='11.0.0.28844' - VI:41007300730065006d0062006c0079002000560065007200730069006f006e000000310031002e0030002e0030002e003200380038003400340000000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 11, capacity: 64 LibClamAV debug: e_lfanew == 128 LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 3 LibClamAV debug: TimeDateStamp: Mon Apr 4 05:59:50 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0xc00 LibClamAV debug: SizeOfInitializedData: 0x800 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x2a1e LibClamAV debug: BaseOfCode: 0x2000 LibClamAV debug: SectionAlignment: 0x2000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x8000 LibClamAV debug: SizeOfHeaders: 0x200 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 console LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xa24 0x2000 LibClamAV debug: VirtualAddress: 0x2000 0x2000 LibClamAV debug: SizeOfRawData: 0xc00 0xc00 LibClamAV debug: PointerToRawData: 0x200 0x200 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x498 0x2000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0xe00 0xe00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xc 0x2000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x1400 0x1400 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc1e (3102) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: d186d961e211e4fd7f7c3a02a864cbe5 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:iKernel*rgs:0:38081:0:7:0:(nil) LibClamAV debug: CAB: Extracting file iKernel*rgs to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-32f384b243fbb5ce90a990ec6ef03ad8.tmp, size 38081, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 42 LibClamAV debug: lzx_decompress: current frame = 41 LibClamAV debug: CAB: Length from header 38081 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: a698fd50e6c7492a263967a1e026cbb3 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: a698fd50e6c7492a263967a1e026cbb3 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBE9x*tlb:0:128868:0:8:0:(nil) LibClamAV debug: CAB: Extracting file ISProBE9x*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-2c7cc307cd0a953d826a5288da561349.tmp, size 128868, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 46 LibClamAV debug: lzx_decompress: current frame = 42 LibClamAV debug: lzx_decompress: current frame = 43 LibClamAV debug: lzx_decompress: current frame = 44 LibClamAV debug: lzx_decompress: current frame = 45 LibClamAV debug: CAB: Length from header 128868 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: a52fc1b8942af75961107cfd02a71be1 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: a52fc1b8942af75961107cfd02a71be1 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBENT*tlb:0:117820:0:9:0:(nil) LibClamAV debug: CAB: Extracting file ISProBENT*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-394d1ef34e428cca5f5c1fab56d43356.tmp, size 117820, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 49 LibClamAV debug: lzx_decompress: current frame = 46 LibClamAV debug: lzx_decompress: current frame = 47 LibClamAV debug: lzx_decompress: current frame = 48 LibClamAV debug: CAB: Length from header 117820 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: d943779e389eb8f3ce4d8259be29f8e5 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: d943779e389eb8f3ce4d8259be29f8e5 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*rgs:0:570:0:10:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64*rgs to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-9fe7aed7962bc5a43875ed6f1fe11229.tmp, size 570, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 50 LibClamAV debug: lzx_decompress: current frame = 49 LibClamAV debug: CAB: Length from header 570 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 3037b900afcc5fce6e55c950a6b7d112 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 3037b900afcc5fce6e55c950a6b7d112 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IsBEW64*tlb:0:2420:0:11:0:(nil) LibClamAV debug: CAB: Extracting file IsBEW64*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f1b88a3f5e20bb0688b050428339a7bf.tmp, size 2420, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: CAB: Length from header 2420 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: ea448d96f2751ef78e0d5fda86f3d143 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: ea448d96f2751ef78e0d5fda86f3d143 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*exe:0:124416:0:12:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-966f953c8c75a4ab86e5f1feb28778da.tmp, size 124416, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 53 LibClamAV debug: lzx_decompress: current frame = 50 LibClamAV debug: lzx_decompress: current frame = 51 LibClamAV debug: lzx_decompress: current frame = 52 LibClamAV debug: CAB: Length from header 124416 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: f60b80ee71d018e8659f7715be13aba8 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 28090 LibClamAV debug: cli_peheader: parsing version info @ rva 28090 (1/1) LibClamAV debug: VersionInfo (1e13e): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (1e18e): 'FileDescription'='InstallShield (R) 64-bit Setup Engine' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000360034002d00620069007400200053006500740075007000200045006e00670069006e0065000000 LibClamAV debug: VersionInfo (1e202): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1e23a): 'InternalName'='Kernel' - VI:49006e007400650072006e0061006c004e0061006d00650000004b00650072006e0065006c0000000000 LibClamAV debug: VersionInfo (1e26a): 'OriginalFilename'='ISBEW64.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300420045005700360034002e006500780065000000 LibClamAV debug: VersionInfo (1e2aa): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1e326): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (1e36a): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 240 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: IA64 LibClamAV debug: NumberOfSections: 7 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:00:07 2005 LibClamAV debug: SizeOfOptionalHeader: f0 LibClamAV debug: File format: PE32+ LibClamAV debug: MajorLinkerVersion: 7 LibClamAV debug: MinorLinkerVersion: 10 LibClamAV debug: SizeOfCode: 0x16200 LibClamAV debug: SizeOfInitializedData: 0x8800 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x1a808 LibClamAV debug: BaseOfCode: 0x2000 LibClamAV debug: SectionAlignment: 0x2000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 5 LibClamAV debug: MinorSubsystemVersion: 1 LibClamAV debug: SizeOfImage: 0x2a000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x161a0 0x18000 LibClamAV debug: VirtualAddress: 0x2000 0x2000 LibClamAV debug: SizeOfRawData: 0x16200 0x16200 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x53c8 0x6000 LibClamAV debug: VirtualAddress: 0x1a000 0x1a000 LibClamAV debug: SizeOfRawData: 0x5400 0x5400 LibClamAV debug: PointerToRawData: 0x16600 0x16600 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .pdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xb58 0x2000 LibClamAV debug: VirtualAddress: 0x20000 0x20000 LibClamAV debug: SizeOfRawData: 0xc00 0xc00 LibClamAV debug: PointerToRawData: 0x1ba00 0x1ba00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .srdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x3a4 0x2000 LibClamAV debug: VirtualAddress: 0x22000 0x22000 LibClamAV debug: SizeOfRawData: 0x400 0x400 LibClamAV debug: PointerToRawData: 0x1c600 0x1c600 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .sdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x618 0x2000 LibClamAV debug: VirtualAddress: 0x24000 0x24000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x1ca00 0x1ca00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 5 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1580 0x2000 LibClamAV debug: VirtualAddress: 0x26000 0x26000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x1d000 0x1d000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 6 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x440 0x2000 LibClamAV debug: VirtualAddress: 0x28000 0x28000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x16e08 (93704) LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: f60b80ee71d018e8659f7715be13aba8 (level 0) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64A*exe:0:63488:0:13:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64A*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-52fc1ade86eea933ae8a5b2bddcb3448.tmp, size 63488, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 55 LibClamAV debug: lzx_decompress: current frame = 53 LibClamAV debug: lzx_decompress: current frame = 54 LibClamAV debug: CAB: Length from header 63488 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: bb0f3eb5117f6de265e6aff38c2afa9e is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 12090 LibClamAV debug: cli_peheader: parsing version info @ rva 12090 (1/1) LibClamAV debug: VersionInfo (f33e): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (f38e): 'FileDescription'='InstallShield (R) 64-bit Setup Engine' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000360034002d00620069007400200053006500740075007000200045006e00670069006e0065000000 LibClamAV debug: VersionInfo (f402): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (f43a): 'InternalName'='Kernel' - VI:49006e007400650072006e0061006c004e0061006d00650000004b00650072006e0065006c0000000000 LibClamAV debug: VersionInfo (f46a): 'OriginalFilename'='ISBEW64.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300420045005700360034002e006500780065000000 LibClamAV debug: VersionInfo (f4aa): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (f526): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (f56a): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 248 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: AMD64 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:00:25 2005 LibClamAV debug: SizeOfOptionalHeader: f0 LibClamAV debug: File format: PE32+ LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x9600 LibClamAV debug: SizeOfInitializedData: 0x6a00 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x56c0 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 5 LibClamAV debug: MinorSubsystemVersion: 2 LibClamAV debug: SizeOfImage: 0x13000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x951c 0xa000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x9600 0x9600 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x3e30 0x4000 LibClamAV debug: VirtualAddress: 0xb000 0xb000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x9a00 0x9a00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1478 0x2000 LibClamAV debug: VirtualAddress: 0xf000 0xf000 LibClamAV debug: SizeOfRawData: 0xa00 0xa00 LibClamAV debug: PointerToRawData: 0xda00 0xda00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .pdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xcb4 0x1000 LibClamAV debug: VirtualAddress: 0x11000 0x11000 LibClamAV debug: SizeOfRawData: 0xe00 0xe00 LibClamAV debug: PointerToRawData: 0xe400 0xe400 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x440 0x1000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0xf200 0xf200 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x4ac0 (19136) LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: bb0f3eb5117f6de265e6aff38c2afa9e (level 0) LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: e_lfanew == 256 LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 1 LibClamAV debug: TimeDateStamp: Sat Apr 16 18:54:57 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 2 LibClamAV debug: MinorLinkerVersion: 25 LibClamAV debug: SizeOfCode: 0x400 LibClamAV debug: SizeOfInitializedData: 0x600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x1040 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 3 LibClamAV debug: MinorSubsystemVersion: 10 LibClamAV debug: SizeOfImage: 0x2000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: [CLAMAV] LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x1 0x0 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x40 (64) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: e7d69e3a0825c65b215b0ed482a3f089 (level 0) LibClamAV debug: e_lfanew == 232 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10a00 LibClamAV debug: SizeOfInitializedData: 0xb600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0xce17 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1091e 0x11000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17f0 0x2000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x1800 0x1800 LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17c4 0x2000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x1600 0x1600 LibClamAV debug: PointerToRawData: 0x12600 0x12600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8420 0x9000 LibClamAV debug: VirtualAddress: 0x16000 0x16000 LibClamAV debug: SizeOfRawData: 0x8600 0x8600 LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc217 (49687) LibClamAV debug: ishield: @1c224 found file clam.exe (Disk1\clam.exe) - version 0.0.0.0 - size 544 LibClamAV debug: CDBNAME:CL_TYPE_ANY:544:clam.exe:544:544:0:0:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c94dd7273102bf17fdbf291b803e4707.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: a54c20ccd89a41329f3feeca0df4a8b3:1748612:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 235bb0bcf01b767d5cf5570027c93f6b is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type CAB-SFX at 471993 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: CAB/CAB-SFX signature found at 471993 LibClamAV debug: in cli_scanmscab() LibClamAV debug: CAB: -------------- Cabinet file ---------------- LibClamAV debug: CAB: Cabinet length: 543349 LibClamAV debug: CAB: Folders: 1 LibClamAV debug: CAB: Files: 13 LibClamAV debug: CAB: File format version: 1.3 LibClamAV debug: CAB: Folder record 0 LibClamAV debug: CAB: Folder offset: 472410 LibClamAV debug: CAB: Folder compression method: 5379 LibClamAV debug: CAB: Recorded folders: 1 LibClamAV debug: CAB: File record 0 LibClamAV debug: CAB: File name: IKernel*dll LibClamAV debug: CAB: File offset: 0 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 1 LibClamAV debug: CAB: File name: ctor*dll LibClamAV debug: CAB: File offset: 753664 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 2 LibClamAV debug: CAB: File name: IScript*dll LibClamAV debug: CAB: File offset: 823378 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 3 LibClamAV debug: CAB: File name: IUser*dll LibClamAV debug: CAB: File offset: 1097810 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 4 LibClamAV debug: CAB: File name: objectps*dll LibClamAV debug: CAB: File offset: 1282130 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 5 LibClamAV debug: CAB: File name: DotNetInstaller*exe LibClamAV debug: CAB: File offset: 1314898 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 6 LibClamAV debug: CAB: File name: iKernel*rgs LibClamAV debug: CAB: File offset: 1320530 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 7 LibClamAV debug: CAB: File name: ISProBE9x*tlb LibClamAV debug: CAB: File offset: 1358611 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 8 LibClamAV debug: CAB: File name: ISProBENT*tlb LibClamAV debug: CAB: File offset: 1487479 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 9 LibClamAV debug: CAB: File name: ISBEW64*rgs LibClamAV debug: CAB: File offset: 1605299 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 10 LibClamAV debug: CAB: File name: IsBEW64*tlb LibClamAV debug: CAB: File offset: 1605869 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 11 LibClamAV debug: CAB: File name: ISBEW64*exe LibClamAV debug: CAB: File offset: 1608289 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 12 LibClamAV debug: CAB: File name: ISBEW64A*exe LibClamAV debug: CAB: File offset: 1732705 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IKernel*dll:0:753664:0:1:0:(nil) LibClamAV debug: CAB: Extracting file IKernel*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-8c162ecac7516911c62174bd94faa344.tmp, size 753664, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 24 LibClamAV debug: lzx_decompress: current frame = 0 LibClamAV debug: lzx_decompress: current frame = 1 LibClamAV debug: lzx_decompress: current frame = 2 LibClamAV debug: lzx_decompress: current frame = 3 LibClamAV debug: lzx_decompress: current frame = 4 LibClamAV debug: lzx_decompress: current frame = 5 LibClamAV debug: lzx_decompress: current frame = 6 LibClamAV debug: lzx_decompress: current frame = 7 LibClamAV debug: lzx_decompress: current frame = 8 LibClamAV debug: lzx_decompress: current frame = 9 LibClamAV debug: lzx_decompress: current frame = 10 LibClamAV debug: lzx_decompress: current frame = 11 LibClamAV debug: lzx_decompress: current frame = 12 LibClamAV debug: lzx_decompress: current frame = 13 LibClamAV debug: lzx_decompress: current frame = 14 LibClamAV debug: lzx_decompress: current frame = 15 LibClamAV debug: lzx_decompress: current frame = 16 LibClamAV debug: lzx_decompress: current frame = 17 LibClamAV debug: lzx_decompress: current frame = 18 LibClamAV debug: lzx_decompress: current frame = 19 LibClamAV debug: lzx_decompress: current frame = 20 LibClamAV debug: lzx_decompress: current frame = 21 LibClamAV debug: lzx_decompress: current frame = 22 LibClamAV debug: lzx_decompress: current frame = 23 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 594678e8fc20d430eb7bd2de53f8f307 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ctor*dll:0:69714:0:2:0:(nil) LibClamAV debug: CAB: Extracting file ctor*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f121525ed57f85f3e06cc0521cb3c101.tmp, size 69714, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 26 LibClamAV debug: lzx_decompress: current frame = 24 LibClamAV debug: lzx_decompress: current frame = 25 LibClamAV debug: CAB: Length from header 69714 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 34fc187d14c58d715804983399f5faad is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IScript*dll:0:274432:0:3:0:(nil) LibClamAV debug: CAB: Extracting file IScript*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-65855ede681f08646ba4cbff4e4f0154.tmp, size 274432, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 34 LibClamAV debug: lzx_decompress: current frame = 26 LibClamAV debug: lzx_decompress: current frame = 27 LibClamAV debug: lzx_decompress: current frame = 28 LibClamAV debug: lzx_decompress: current frame = 29 LibClamAV debug: lzx_decompress: current frame = 30 LibClamAV debug: lzx_decompress: current frame = 31 LibClamAV debug: lzx_decompress: current frame = 32 LibClamAV debug: lzx_decompress: current frame = 33 LibClamAV debug: CAB: Length from header 274432 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 887e758f5267b616905f0168b39d16d5 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IUser*dll:0:184320:0:4:0:(nil) LibClamAV debug: CAB: Extracting file IUser*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-c58cd6675e3a1ed27056077f5e09ecd0.tmp, size 184320, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 40 LibClamAV debug: lzx_decompress: current frame = 34 LibClamAV debug: lzx_decompress: current frame = 35 LibClamAV debug: lzx_decompress: current frame = 36 LibClamAV debug: lzx_decompress: current frame = 37 LibClamAV debug: lzx_decompress: current frame = 38 LibClamAV debug: lzx_decompress: current frame = 39 LibClamAV debug: CAB: Length from header 184320 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: f77a9df6057ef2998e656a236b08e768 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:objectps*dll:0:32768:0:5:0:(nil) LibClamAV debug: CAB: Extracting file objectps*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-64d1a5f5607dd4f28f14dec313ace1dd.tmp, size 32768, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 41 LibClamAV debug: lzx_decompress: current frame = 40 LibClamAV debug: CAB: Length from header 32768 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: b6d770559ec6b834bb2357fd5deaf218 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:DotNetInstaller*exe:0:5632:0:6:0:(nil) LibClamAV debug: CAB: Extracting file DotNetInstaller*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-3e907966d6d25a305b24ffd5b443becc.tmp, size 5632, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: CAB: Length from header 5632 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: d186d961e211e4fd7f7c3a02a864cbe5 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:iKernel*rgs:0:38081:0:7:0:(nil) LibClamAV debug: CAB: Extracting file iKernel*rgs to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-90fd35e37c29184ed233269826d28602.tmp, size 38081, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 42 LibClamAV debug: lzx_decompress: current frame = 41 LibClamAV debug: CAB: Length from header 38081 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: a698fd50e6c7492a263967a1e026cbb3 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBE9x*tlb:0:128868:0:8:0:(nil) LibClamAV debug: CAB: Extracting file ISProBE9x*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-df8b485f7559733d36225a80aba2a795.tmp, size 128868, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 46 LibClamAV debug: lzx_decompress: current frame = 42 LibClamAV debug: lzx_decompress: current frame = 43 LibClamAV debug: lzx_decompress: current frame = 44 LibClamAV debug: lzx_decompress: current frame = 45 LibClamAV debug: CAB: Length from header 128868 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: a52fc1b8942af75961107cfd02a71be1 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBENT*tlb:0:117820:0:9:0:(nil) LibClamAV debug: CAB: Extracting file ISProBENT*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-8a4c87167f2509fb7df117270afbee82.tmp, size 117820, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 49 LibClamAV debug: lzx_decompress: current frame = 46 LibClamAV debug: lzx_decompress: current frame = 47 LibClamAV debug: lzx_decompress: current frame = 48 LibClamAV debug: CAB: Length from header 117820 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: d943779e389eb8f3ce4d8259be29f8e5 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*rgs:0:570:0:10:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64*rgs to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-b2ca34c7f948909d3782c213affd073f.tmp, size 570, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 50 LibClamAV debug: lzx_decompress: current frame = 49 LibClamAV debug: CAB: Length from header 570 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 3037b900afcc5fce6e55c950a6b7d112 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IsBEW64*tlb:0:2420:0:11:0:(nil) LibClamAV debug: CAB: Extracting file IsBEW64*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-988e181aa5dfcdf8787dc005d4754a69.tmp, size 2420, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: CAB: Length from header 2420 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: ea448d96f2751ef78e0d5fda86f3d143 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*exe:0:124416:0:12:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-dcf806020b740f0c323cad94a40915ef.tmp, size 124416, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 53 LibClamAV debug: lzx_decompress: current frame = 50 LibClamAV debug: lzx_decompress: current frame = 51 LibClamAV debug: lzx_decompress: current frame = 52 LibClamAV debug: CAB: Length from header 124416 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: f60b80ee71d018e8659f7715be13aba8 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64A*exe:0:63488:0:13:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64A*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-017e167e90ba2193f52d235f1c608dd7.tmp, size 63488, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 55 LibClamAV debug: lzx_decompress: current frame = 53 LibClamAV debug: lzx_decompress: current frame = 54 LibClamAV debug: CAB: Length from header 63488 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: bb0f3eb5117f6de265e6aff38c2afa9e is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: *** Detected embedded PE file at 1016015 *** LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: a63fe77037d042c8690ed49557977a8c is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: e_lfanew == 232 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10a00 LibClamAV debug: SizeOfInitializedData: 0xb600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0xce17 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1091e 0x11000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17f0 0x2000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x1800 0x1800 LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17c4 0x2000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x1600 0x1600 LibClamAV debug: PointerToRawData: 0x12600 0x12600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8420 0x9000 LibClamAV debug: VirtualAddress: 0x16000 0x16000 LibClamAV debug: SizeOfRawData: 0x8600 0x8600 LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc217 (49687) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: a63fe77037d042c8690ed49557977a8c (level 0) LibClamAV debug: e_lfanew == 232 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10a00 LibClamAV debug: SizeOfInitializedData: 0xb600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0xce17 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1091e 0x11000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17f0 0x2000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x1800 0x1800 LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17c4 0x2000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x1600 0x1600 LibClamAV debug: PointerToRawData: 0x12600 0x12600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8420 0x9000 LibClamAV debug: VirtualAddress: 0x16000 0x16000 LibClamAV debug: SizeOfRawData: 0x8600 0x8600 LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc217 (49687) LibClamAV debug: ishield: @1c229 found file data1.cab (Disk1\data1.cab) - version 0.0.0.0 - size 345386 LibClamAV debug: CDBNAME:CL_TYPE_ANY:345386:data1.cab:345386:345386:0:0:0:(nil) LibClamAV debug: ishield: added data1.cab to array LibClamAV debug: ishield: @7077b found file data1.hdr (Disk1\data1.hdr) - version 0.0.0.0 - size 10471 LibClamAV debug: CDBNAME:CL_TYPE_ANY:10471:data1.hdr:10471:10471:0:1:0:(nil) LibClamAV debug: ishield: added data1.hdr to array LibClamAV debug: ishield: @73088 found file data2.cab (Disk1\data2.cab) - version 0.0.0.0 - size 770 LibClamAV debug: CDBNAME:CL_TYPE_ANY:770:data2.cab:770:770:0:2:0:(nil) LibClamAV debug: ishield: added data2.cab to array LibClamAV debug: ishield: @733b9 found file engine32.cab (Disk1\engine32.cab) - version 0.0.0.0 - size 543481 LibClamAV debug: CDBNAME:CL_TYPE_ANY:543481:engine32.cab:543481:543481:0:3:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1bccb6901f08d26cfe2eeaaf500aa0e4.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS CAB file LibClamAV debug: cache_check: f1388bda22a24abcdb0324903411bf7f is negative LibClamAV debug: in cli_scanmscab() LibClamAV debug: CAB: -------------- Cabinet file ---------------- LibClamAV debug: CAB: Cabinet length: 543349 LibClamAV debug: CAB: Folders: 1 LibClamAV debug: CAB: Files: 13 LibClamAV debug: CAB: File format version: 1.3 LibClamAV debug: CAB: Folder record 0 LibClamAV debug: CAB: Folder offset: 417 LibClamAV debug: CAB: Folder compression method: 5379 LibClamAV debug: CAB: Recorded folders: 1 LibClamAV debug: CAB: File record 0 LibClamAV debug: CAB: File name: IKernel*dll LibClamAV debug: CAB: File offset: 0 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 1 LibClamAV debug: CAB: File name: ctor*dll LibClamAV debug: CAB: File offset: 753664 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 2 LibClamAV debug: CAB: File name: IScript*dll LibClamAV debug: CAB: File offset: 823378 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 3 LibClamAV debug: CAB: File name: IUser*dll LibClamAV debug: CAB: File offset: 1097810 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 4 LibClamAV debug: CAB: File name: objectps*dll LibClamAV debug: CAB: File offset: 1282130 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 5 LibClamAV debug: CAB: File name: DotNetInstaller*exe LibClamAV debug: CAB: File offset: 1314898 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 6 LibClamAV debug: CAB: File name: iKernel*rgs LibClamAV debug: CAB: File offset: 1320530 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 7 LibClamAV debug: CAB: File name: ISProBE9x*tlb LibClamAV debug: CAB: File offset: 1358611 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 8 LibClamAV debug: CAB: File name: ISProBENT*tlb LibClamAV debug: CAB: File offset: 1487479 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 9 LibClamAV debug: CAB: File name: ISBEW64*rgs LibClamAV debug: CAB: File offset: 1605299 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 10 LibClamAV debug: CAB: File name: IsBEW64*tlb LibClamAV debug: CAB: File offset: 1605869 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 11 LibClamAV debug: CAB: File name: ISBEW64*exe LibClamAV debug: CAB: File offset: 1608289 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CAB: File record 12 LibClamAV debug: CAB: File name: ISBEW64A*exe LibClamAV debug: CAB: File offset: 1732705 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IKernel*dll:0:753664:0:1:0:(nil) LibClamAV debug: CAB: Extracting file IKernel*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-9a37e318f8b6907ba1af3f9ce3a8bcb5.tmp, size 753664, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 24 LibClamAV debug: lzx_decompress: current frame = 0 LibClamAV debug: lzx_decompress: current frame = 1 LibClamAV debug: lzx_decompress: current frame = 2 LibClamAV debug: lzx_decompress: current frame = 3 LibClamAV debug: lzx_decompress: current frame = 4 LibClamAV debug: lzx_decompress: current frame = 5 LibClamAV debug: lzx_decompress: current frame = 6 LibClamAV debug: lzx_decompress: current frame = 7 LibClamAV debug: lzx_decompress: current frame = 8 LibClamAV debug: lzx_decompress: current frame = 9 LibClamAV debug: lzx_decompress: current frame = 10 LibClamAV debug: lzx_decompress: current frame = 11 LibClamAV debug: lzx_decompress: current frame = 12 LibClamAV debug: lzx_decompress: current frame = 13 LibClamAV debug: lzx_decompress: current frame = 14 LibClamAV debug: lzx_decompress: current frame = 15 LibClamAV debug: lzx_decompress: current frame = 16 LibClamAV debug: lzx_decompress: current frame = 17 LibClamAV debug: lzx_decompress: current frame = 18 LibClamAV debug: lzx_decompress: current frame = 19 LibClamAV debug: lzx_decompress: current frame = 20 LibClamAV debug: lzx_decompress: current frame = 21 LibClamAV debug: lzx_decompress: current frame = 22 LibClamAV debug: lzx_decompress: current frame = 23 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 594678e8fc20d430eb7bd2de53f8f307 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ctor*dll:0:69714:0:2:0:(nil) LibClamAV debug: CAB: Extracting file ctor*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-aa3a6baf3d9b99fda71f5acf7d9b771b.tmp, size 69714, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 26 LibClamAV debug: lzx_decompress: current frame = 24 LibClamAV debug: lzx_decompress: current frame = 25 LibClamAV debug: CAB: Length from header 69714 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 34fc187d14c58d715804983399f5faad is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IScript*dll:0:274432:0:3:0:(nil) LibClamAV debug: CAB: Extracting file IScript*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-25252f381af0a81c7978e1ee9a79489c.tmp, size 274432, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 34 LibClamAV debug: lzx_decompress: current frame = 26 LibClamAV debug: lzx_decompress: current frame = 27 LibClamAV debug: lzx_decompress: current frame = 28 LibClamAV debug: lzx_decompress: current frame = 29 LibClamAV debug: lzx_decompress: current frame = 30 LibClamAV debug: lzx_decompress: current frame = 31 LibClamAV debug: lzx_decompress: current frame = 32 LibClamAV debug: lzx_decompress: current frame = 33 LibClamAV debug: CAB: Length from header 274432 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 887e758f5267b616905f0168b39d16d5 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IUser*dll:0:184320:0:4:0:(nil) LibClamAV debug: CAB: Extracting file IUser*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-e0c19921a44c3f5cc1aa698a83c317d8.tmp, size 184320, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 40 LibClamAV debug: lzx_decompress: current frame = 34 LibClamAV debug: lzx_decompress: current frame = 35 LibClamAV debug: lzx_decompress: current frame = 36 LibClamAV debug: lzx_decompress: current frame = 37 LibClamAV debug: lzx_decompress: current frame = 38 LibClamAV debug: lzx_decompress: current frame = 39 LibClamAV debug: CAB: Length from header 184320 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: f77a9df6057ef2998e656a236b08e768 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:objectps*dll:0:32768:0:5:0:(nil) LibClamAV debug: CAB: Extracting file objectps*dll to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-12b082ef174aa767f597a8a3fa62457f.tmp, size 32768, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 41 LibClamAV debug: lzx_decompress: current frame = 40 LibClamAV debug: CAB: Length from header 32768 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: b6d770559ec6b834bb2357fd5deaf218 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:DotNetInstaller*exe:0:5632:0:6:0:(nil) LibClamAV debug: CAB: Extracting file DotNetInstaller*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-a25e9c956db94a0dd02af7a82a3d2bbe.tmp, size 5632, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: CAB: Length from header 5632 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: d186d961e211e4fd7f7c3a02a864cbe5 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:iKernel*rgs:0:38081:0:7:0:(nil) LibClamAV debug: CAB: Extracting file iKernel*rgs to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-7d2feef61c634b9b29a2aec056d180ac.tmp, size 38081, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 42 LibClamAV debug: lzx_decompress: current frame = 41 LibClamAV debug: CAB: Length from header 38081 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: a698fd50e6c7492a263967a1e026cbb3 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBE9x*tlb:0:128868:0:8:0:(nil) LibClamAV debug: CAB: Extracting file ISProBE9x*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-22ca5f16f94ab8d4fb444524d758d0fe.tmp, size 128868, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 46 LibClamAV debug: lzx_decompress: current frame = 42 LibClamAV debug: lzx_decompress: current frame = 43 LibClamAV debug: lzx_decompress: current frame = 44 LibClamAV debug: lzx_decompress: current frame = 45 LibClamAV debug: CAB: Length from header 128868 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: a52fc1b8942af75961107cfd02a71be1 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISProBENT*tlb:0:117820:0:9:0:(nil) LibClamAV debug: CAB: Extracting file ISProBENT*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-481ea0d3623b3e41833a87941752c263.tmp, size 117820, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 49 LibClamAV debug: lzx_decompress: current frame = 46 LibClamAV debug: lzx_decompress: current frame = 47 LibClamAV debug: lzx_decompress: current frame = 48 LibClamAV debug: CAB: Length from header 117820 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: d943779e389eb8f3ce4d8259be29f8e5 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*rgs:0:570:0:10:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64*rgs to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-4ee48dad5cde33b05db6ff2903daa720.tmp, size 570, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 50 LibClamAV debug: lzx_decompress: current frame = 49 LibClamAV debug: CAB: Length from header 570 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 3037b900afcc5fce6e55c950a6b7d112 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:IsBEW64*tlb:0:2420:0:11:0:(nil) LibClamAV debug: CAB: Extracting file IsBEW64*tlb to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-ef0d61dd4938f08d3d01b5ff6a9e76f8.tmp, size 2420, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: CAB: Length from header 2420 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: ea448d96f2751ef78e0d5fda86f3d143 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64*exe:0:124416:0:12:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-2cc2c5c99b4d3e1ba85934be8f209dc5.tmp, size 124416, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 53 LibClamAV debug: lzx_decompress: current frame = 50 LibClamAV debug: lzx_decompress: current frame = 51 LibClamAV debug: lzx_decompress: current frame = 52 LibClamAV debug: CAB: Length from header 124416 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: f60b80ee71d018e8659f7715be13aba8 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:ISBEW64A*exe:0:63488:0:13:0:(nil) LibClamAV debug: CAB: Extracting file ISBEW64A*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-6836718879169eb0563e4541cdece21c.tmp, size 63488, max_size: 26214400 LibClamAV debug: CAB: Compression method: LZX LibClamAV debug: lzx_decompress: end frame = 55 LibClamAV debug: lzx_decompress: current frame = 53 LibClamAV debug: lzx_decompress: current frame = 54 LibClamAV debug: CAB: Length from header 63488 but wrote 0 bytes LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: bb0f3eb5117f6de265e6aff38c2afa9e is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: Matched signature for file type CAB-SFX at 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: f1388bda22a24abcdb0324903411bf7f (level 0) LibClamAV debug: ishield: @f7eda found file layout.bin (Disk1\layout.bin) - version 0.0.0.0 - size 455 LibClamAV debug: CDBNAME:CL_TYPE_ANY:455:layout.bin:455:455:0:4:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-4305e17b395018cbf11356f4a701b066.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 3b70579cc5a5bab9b5e634404e4b719b is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 3b70579cc5a5bab9b5e634404e4b719b (level 0) LibClamAV debug: ishield: @f80cf found file setup.exe (Disk1\setup.exe) - version 11.0.0.28844 - size 121064 LibClamAV debug: CDBNAME:CL_TYPE_ANY:121064:setup.exe:121064:121064:0:5:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f9719724649b0f937bf5e05229d40993.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: bef1e6a9b97045ec3f2b9cf34acb6810 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 232 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10a00 LibClamAV debug: SizeOfInitializedData: 0xb600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0xce17 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1091e 0x11000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17f0 0x2000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x1800 0x1800 LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17c4 0x2000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x1600 0x1600 LibClamAV debug: PointerToRawData: 0x12600 0x12600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8420 0x9000 LibClamAV debug: VirtualAddress: 0x16000 0x16000 LibClamAV debug: SizeOfRawData: 0x8600 0x8600 LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc217 (49687) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: bef1e6a9b97045ec3f2b9cf34acb6810 (level 0) LibClamAV debug: ishield: @1159e0 found file setup.ibt (Disk1\setup.ibt) - version 0.0.0.0 - size 396011 LibClamAV debug: CDBNAME:CL_TYPE_ANY:396011:setup.ibt:396011:396011:0:6:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-cf26da5401e6a127ff1b04e612150328.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: Matched signature for file type PE LibClamAV debug: cache_check: e443daa20aed702ba6f5f5f2343de989 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Invalid DOS signature LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: Invalid DOS signature LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: e443daa20aed702ba6f5f5f2343de989 (level 0) LibClamAV debug: ishield: @1764f1 found file setup.ini (Disk1\setup.ini) - version 0.0.0.0 - size 452 LibClamAV debug: CDBNAME:CL_TYPE_ANY:452:setup.ini:452:452:0:7:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-b9ba1c346af61f207e74abf0a53d6986.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 677bb0dbd503488e051b8ce98518270c is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 677bb0dbd503488e051b8ce98518270c (level 0) LibClamAV debug: is_parse_hdr: magic 49536328, unk1 950001, unk2 0, data_off 200, data_sz 921b0000 LibClamAV debug: is_parse_hdr: file \iKernel.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \Setup.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \DotNetInstaller.exe (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \iscript.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \ctor.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \iuser.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \IGDI.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \ISBEW64.exe (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \IsProBE.tlb (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \objectps.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \ISBEW64.tlb (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \IKernel.rgs (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \ISBEW64.rgs (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: skipped external file:\setup.inx (size: 210370 csize: 210370 md5:6045272582fa1efe9ea7ff1e888facd6) LibClamAV debug: is_parse_hdr: file \license.rtf (size: 11493 csize: 2605 md5:e7eb45e877c8cb80f56e9dbc9504e757 offset:200 (data1.cab) 13:20000000 14:83324ab4 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-4e3e89e66516a1fcacd3adaee4031b67.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized RTF file LibClamAV debug: cache_check: e7eb45e877c8cb80f56e9dbc9504e757 is negative LibClamAV debug: in cli_scanrtf() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: e7eb45e877c8cb80f56e9dbc9504e757 (level 0) LibClamAV debug: is_parse_hdr: skipped unknown file entry 15 LibClamAV debug: is_parse_hdr: file \corecomp.ini (size: 65503 csize: 12414 md5:09d38ceca6a012f4ce5b54f03db9b21a offset:c2d (data1.cab) 13:20000000 14:833273b4 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-78fca0392b6133e4ed01fe0a02aebcfb.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 09d38ceca6a012f4ce5b54f03db9b21a is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 09d38ceca6a012f4ce5b54f03db9b21a (level 0) LibClamAV debug: is_parse_hdr: file \FontData.ini (size: 39 csize: 43 md5:00f313e3e007599349a0c4d81c7807c4 offset:3cab (data1.cab) 13:20000000 14:f33a8c75 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-aaff8ea16257f5dfdabbac5ed72ef00b.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 00f313e3e007599349a0c4d81c7807c4 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 00f313e3e007599349a0c4d81c7807c4 (level 0) LibClamAV debug: is_parse_hdr: file \StringTable-0009-English.ips (size: 329 csize: 177 md5:31563751792826a6272b09626250e155 offset:3cd6 (data1.cab) 13:20000000 14:f33a8c75 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-2bdba366c63a396773f3d5eb20d2e4e4.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 31563751792826a6272b09626250e155 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 31563751792826a6272b09626250e155 (level 0) LibClamAV debug: is_parse_hdr: file \isrt.dll (size: 425984 csize: 211241 md5:9a7790ae29bbadfa35650751ecceb0e7 offset:3d87 (data1.cab) 13:20000000 14:833270b8 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-2946e65237a4a39c762a6be50401a2e9.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 9a7790ae29bbadfa35650751ecceb0e7 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 63048 LibClamAV debug: cli_peheader: parsing version info @ rva 63048 (1/1) LibClamAV debug: VersionInfo (610fe): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (6114e): 'FileDescription'='InstallShield (R) RunTime DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000520075006e00540069006d006500200044004c004c000000 LibClamAV debug: VersionInfo (611b2): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (611ea): 'InternalName'='ISRT' - VI:49006e007400650072006e0061006c004e0061006d0065000000490053005200540000000000 LibClamAV debug: VersionInfo (61216): 'OriginalFilename'='ISRT.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300520054002e0064006c006c0000000000 LibClamAV debug: VersionInfo (61252): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (612ce): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (61312): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 280 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:03:31 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x4c000 LibClamAV debug: SizeOfInitializedData: 0x1d000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x3c7b4 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x6a000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4b36e 0x4c000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x4c000 0x4c000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xd08d 0xe000 LibClamAV debug: VirtualAddress: 0x4d000 0x4d000 LibClamAV debug: SizeOfRawData: 0xe000 0xe000 LibClamAV debug: PointerToRawData: 0x4d000 0x4d000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x7828 0x8000 LibClamAV debug: VirtualAddress: 0x5b000 0x5b000 LibClamAV debug: SizeOfRawData: 0x6000 0x6000 LibClamAV debug: PointerToRawData: 0x5b000 0x5b000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x380 0x1000 LibClamAV debug: VirtualAddress: 0x63000 0x63000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x61000 0x61000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5d74 0x6000 LibClamAV debug: VirtualAddress: 0x64000 0x64000 LibClamAV debug: SizeOfRawData: 0x6000 0x6000 LibClamAV debug: PointerToRawData: 0x62000 0x62000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x3c7b4 (247732) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 9a7790ae29bbadfa35650751ecceb0e7 (level 0) LibClamAV debug: is_parse_hdr: file \default.pal (size: 1168 csize: 466 md5:0abafe3f69d053494405061de2629c82 offset:376b0 (data1.cab) 13:20000000 14:833273b4 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f5a7a0d9982bd54d07ab68cab96b25e9.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized RIFF file LibClamAV debug: cache_check: 0abafe3f69d053494405061de2629c82 is negative LibClamAV debug: in cli_check_riff_exploit() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 0abafe3f69d053494405061de2629c82 (level 0) LibClamAV debug: is_parse_hdr: file \_IsRes.dll (size: 548963 csize: 117928 md5:d28b31e1e3d9972cce01e4deb0288b31 offset:37882 (data1.cab) 13:20000000 14:84324006 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-86f57f4df1ab7d6f31adebdc1ad5b320.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: d28b31e1e3d9972cce01e4deb0288b31 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 37048 LibClamAV debug: cli_peheader: parsing version info @ rva 37048 (1/1) LibClamAV debug: VersionInfo (6c1ee): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (6c23e): 'FileDescription'='InstallShield (R) Dialog Resources' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c006400200028005200290020004400690061006c006f00670020005200650073006f007500720063006500730000000000 LibClamAV debug: VersionInfo (6c2ae): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (6c2e6): 'InternalName'='_IsRes2k' - VI:49006e007400650072006e0061006c004e0061006d00650000005f004900730052006500730032006b0000000000 LibClamAV debug: VersionInfo (6c31a): 'OriginalFilename'='_IsRes.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000005f00490073005200650073002e0064006c006c0000000000 LibClamAV debug: VersionInfo (6c35a): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (6c3d6): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (6c41a): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 216 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 6 LibClamAV debug: TimeDateStamp: Mon Apr 4 07:49:58 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x2a000 LibClamAV debug: SizeOfInitializedData: 0x5d000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x1180 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x88000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x29dc0 0x2a000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x2a000 0x2a000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1f01 0x2000 LibClamAV debug: VirtualAddress: 0x2b000 0x2b000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x2b000 0x2b000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x6614 0x7000 LibClamAV debug: VirtualAddress: 0x2d000 0x2d000 LibClamAV debug: SizeOfRawData: 0x5000 0x5000 LibClamAV debug: PointerToRawData: 0x2d000 0x2d000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .idata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xa11 0x1000 LibClamAV debug: VirtualAddress: 0x34000 0x34000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x32000 0x32000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x50de3 0x51000 LibClamAV debug: VirtualAddress: 0x35000 0x35000 LibClamAV debug: SizeOfRawData: 0x51000 0x51000 LibClamAV debug: PointerToRawData: 0x33000 0x33000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 5 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1b62 0x2000 LibClamAV debug: VirtualAddress: 0x86000 0x86000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x84000 0x84000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x1180 (4480) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: d28b31e1e3d9972cce01e4deb0288b31 (level 0) LibClamAV debug: is_parse_hdr: skipped external file:\layout.bin (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) LibClamAV debug: is_parse_hdr: skipped external file:\data1.hdr (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) LibClamAV debug: is_parse_hdr: skipped external file:\data1.cab (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) LibClamAV debug: is_parse_hdr: skipped external file:\setup.exe (size: 121064 csize: 121064 md5:bef1e6a9b97045ec3f2b9cf34acb6810) LibClamAV debug: is_parse_hdr: skipped external file:\setup.inx (size: 210370 csize: 210370 md5:6045272582fa1efe9ea7ff1e888facd6) LibClamAV debug: is_parse_hdr: skipped external file:\setup.ini (size: 452 csize: 452 md5:677bb0dbd503488e051b8ce98518270c) LibClamAV debug: is_parse_hdr: file \clam.exe (size: 544 csize: 258 md5:aa15bcf478d165efd2065190eb473bcb offset:200 (data2.cab) 13:20000000 14:f33a0275 15:2000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1fcd608fe3e54ac17b98a42eb84a7fc4.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 235bb0bcf01b767d5cf5570027c93f6b:1744032:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 37b9b0f97ea3bd6269e1d0be65185da2 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 99e18 LibClamAV debug: cli_peheader: parsing version info @ rva 99e18 (1/1) LibClamAV debug: VersionInfo (deda2): 'CompanyName'='company ' - VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e0079002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (dee3e): 'FileDescription'='Setup Launcher Unicode ' - VI:460069006c0065004400650073006300720069007000740069006f006e00000000005300650074007500700020004c00610075006e006300680065007200200055006e00690063006f0064006500200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (deee6): 'FileVersion'='1.00.0000 ' - VI:460069006c006500560065007200730069006f006e000000000031002e00300030002e00300030003000300020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (def6a): 'InternalName'='Setup ' - VI:49006e007400650072006e0061006c004e0061006d00650000005300650074007500700020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (defe6): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. ' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df112): 'OriginalFilename'='Setup.exe ' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e0065007800650020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df19e): 'ProductName'='clam ' - VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df22a): 'ProductVersion'='1.00.0000 ' - VI:500072006f006400750063007400560065007200730069006f006e00000031002e00300030002e0030003000300030002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (df2aa): 'Internal Build Number'='90563 ' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d00620065007200000000003900300035003600330020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ISHIELD-MSI LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: ISHIELD-MSI signature found at 915561 LibClamAV debug: in ishield-msi LibClamAV debug: ishield-msi: File clam.exe409.bmp (csize: 106, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-236470e5050af2ee9a29b84d76b383c2.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 37b9b0f97ea3bd6269e1d0be65185da2:1215239:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 2f60b47aa5ff8931c786fbe0eafc657e is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 99e18 LibClamAV debug: cli_peheader: parsing version info @ rva 99e18 (1/1) LibClamAV debug: VersionInfo (deda2): 'CompanyName'='company ' - VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e0079002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (dee3e): 'FileDescription'='Setup Launcher Unicode ' - VI:460069006c0065004400650073006300720069007000740069006f006e00000000005300650074007500700020004c00610075006e006300680065007200200055006e00690063006f0064006500200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (deee6): 'FileVersion'='1.00.0000 ' - VI:460069006c006500560065007200730069006f006e000000000031002e00300030002e00300030003000300020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (def6a): 'InternalName'='Setup ' - VI:49006e007400650072006e0061006c004e0061006d00650000005300650074007500700020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (defe6): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. ' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df112): 'OriginalFilename'='Setup.exe ' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e0065007800650020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df19e): 'ProductName'='clam ' - VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df22a): 'ProductVersion'='1.00.0000 ' - VI:500072006f006400750063007400560065007200730069006f006e00000031002e00300030002e0030003000300030002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (df2aa): 'Internal Build Number'='90563 ' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d00620065007200000000003900300035003600330020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ISHIELD-MSI LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Can't read file header LibClamAV debug: ISHIELD-MSI signature found at 915561 LibClamAV debug: in ishield-msi LibClamAV debug: ishield-msi: File 0x0409.ini (csize: 1153, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-e7445f4ca514f0d24226dfabd359bd13.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized UTF-16LE character data LibClamAV debug: entconv: Encoding UTF-16LE LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 LibClamAV debug: cache_check: 36affbd6ff77d1515cfc1c5e998fbaf9 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 36affbd6ff77d1515cfc1c5e998fbaf9 (level 0) LibClamAV debug: ishield-msi: File EvalMarker.dat (csize: 8, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-02d24642164de0ec9bf10db460a2b47f.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Small data (0 bytes) LibClamAV debug: cli_magic_scandesc: returning 0 at line 3328 (no post, no cache) LibClamAV debug: ishield-msi: File clam.msi (csize: 3fdbd, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-d2852d7ac0debc8ff82c02de757cdd70.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized OLE2 container file LibClamAV debug: cache_check: efa529f28de651b561dc36646733e7e6 is negative LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 LibClamAV debug: CLSID: {0000-00-00-00-000000} LibClamAV debug: Minor version: 0x3e LibClamAV debug: DLL version: 0x3 LibClamAV debug: Byte Order: -2 LibClamAV debug: Big Block Size: 9 LibClamAV debug: Small Block Size: 6 LibClamAV debug: BAT count: 11 LibClamAV debug: Prop start: 1 LibClamAV debug: SBAT cutoff: 4096 LibClamAV debug: SBat start: 56 LibClamAV debug: SBat block count: 4 LibClamAV debug: XBat start: -2 LibClamAV debug: XBat block count: 0 LibClamAV debug: LibClamAV debug: Max block number: 10280 LibClamAV debug: OLE2: no VBA projects found LibClamAV debug: OLE2: binary.newbinary4 [file] b size:0x00000cbe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 5371475e745a1d5d8241f8d35d63b920 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 5371475e745a1d5d8241f8d35d63b920 (level 0) LibClamAV debug: OLE2: 01adminexecutesequence [file] b size:0x00000036 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: c02ab4558c885456a8dc0895f8218e78 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: c02ab4558c885456a8dc0895f8218e78 (level 0) LibClamAV debug: OLE2: icon.arpproducticon.exe [file] b size:0x0000d000 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 4667578a6b885927dac70c85a3e87e4f is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 9200 LibClamAV debug: cli_peheader: parsing version info @ rva 9200 (1/1) LibClamAV debug: VersionInfo (ba4a): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 LibClamAV debug: VersionInfo (ba96): 'FileDescription'='InstallShield' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c0064000000 LibClamAV debug: VersionInfo (bada): 'FileVersion'='16.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0033003200380000000000 LibClamAV debug: VersionInfo (bb0e): 'InternalName'='_IsIcoRes.exe' - VI:49006e007400650072006e0061006c004e0061006d00650000005f0049007300490063006f005200650073002e006500780065000000 LibClamAV debug: VersionInfo (bb4a): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 LibClamAV debug: VersionInfo (bc26): 'OriginalFilename'='_IsIcoRes.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000005f0049007300490063006f005200650073002e006500780065000000 LibClamAV debug: VersionInfo (bc6a): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 LibClamAV debug: VersionInfo (bca6): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 LibClamAV debug: VersionInfo (bcd6): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: e_lfanew == 216 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Wed Jun 10 21:04:05 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x4000 LibClamAV debug: SizeOfInitializedData: 0x8000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x1005 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xd000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x35ae 0x4000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x7a0 0x1000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x5000 0x5000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x29dc 0x3000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x6000 0x6000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x30e4 0x4000 LibClamAV debug: VirtualAddress: 0x9000 0x9000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x9000 0x9000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x1005 (4101) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 4667578a6b885927dac70c85a3e87e4f (level 0) LibClamAV debug: OLE2: 01installexecutesequence [file] b size:0x000001bc flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 4cb36190d6680b2807bc94a6991dc7db is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 4cb36190d6680b2807bc94a6991dc7db (level 0) LibClamAV debug: OLE2: _5_summaryinformation [file] r size:0x00000224 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: entconv: Encoding UCS-4 LibClamAV debug: entconv: iconv not found in cache, for encoding:UCS-4 LibClamAV debug: entconv: iconv_open(),for:UCS-4 -> 0x60b40 LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 LibClamAV debug: cache_check: 4b51cc967957f26c2cef15a8c2cbc696 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 4b51cc967957f26c2cef15a8c2cbc696 (level 0) LibClamAV debug: OLE2: 01advtexecutesequence [file] b size:0x00000060 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 30c1f86169b14c6f430776885316df3d is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 30c1f86169b14c6f430776885316df3d (level 0) LibClamAV debug: OLE2: 01adminuisequence [file] b size:0x0000003c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 14f6fec489f4d9db89817bc02bb3d3de is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 14f6fec489f4d9db89817bc02bb3d3de (level 0) LibClamAV debug: OLE2: 01installuisequence [file] b size:0x0000009c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 816b801e90a5e45ec40b4a6d4ffc556e is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 816b801e90a5e45ec40b4a6d4ffc556e (level 0) LibClamAV debug: OLE2: 01issetuptypefeatures [file] b size:0x0000000c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 2b9d03825b6b40206c0993861a2a5284 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 2b9d03825b6b40206c0993861a2a5284 (level 0) LibClamAV debug: OLE2: 01iscomponentextended [file] r size:0x0000001e flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 0a338583cc13b37789ac0a051e84bc47 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 0a338583cc13b37789ac0a051e84bc47 (level 0) LibClamAV debug: OLE2: binary.setallusers.dll [file] r size:0x0001e540 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 1b05788b22e09f5f4282f06a1686ba1f is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 1a048 LibClamAV debug: cli_peheader: parsing version info @ rva 1a048 (1/1) LibClamAV debug: VersionInfo (18116): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 LibClamAV debug: VersionInfo (18162): 'FileDescription'='SetAllUsers' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000053006500740041006c006c00550073006500720073000000 LibClamAV debug: VersionInfo (181a2): 'FileVersion'='16.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0033003200380000000000 LibClamAV debug: VersionInfo (181d6): 'InternalName'='SetAllUsers' - VI:49006e007400650072006e0061006c004e0061006d006500000053006500740041006c006c00550073006500720073000000 LibClamAV debug: VersionInfo (1820e): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 LibClamAV debug: VersionInfo (182ea): 'OriginalFilename'='SetAllUsers.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000053006500740041006c006c00550073006500720073002e0064006c006c000000 LibClamAV debug: VersionInfo (18332): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 LibClamAV debug: VersionInfo (1836e): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 LibClamAV debug: VersionInfo (1839e): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: e_lfanew == 264 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:15:27 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10000 LibClamAV debug: SizeOfInitializedData: 0xe000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x7735 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xfa52 0x10000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10000 0x10000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2038 0x3000 LibClamAV debug: VirtualAddress: 0x11000 0x11000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x11000 0x11000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5848 0x6000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x14000 0x14000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x420 0x1000 LibClamAV debug: VirtualAddress: 0x1a000 0x1a000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x18000 0x18000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x3e14 0x4000 LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x19000 0x19000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x7735 (30517) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 1b05788b22e09f5f4282f06a1686ba1f (level 0) LibClamAV debug: OLE2: binary.isselfreg.dll [file] r size:0x00029538 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: b9be841281819a5af07e3611913a55f5 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 24048 LibClamAV debug: cli_peheader: parsing version info @ rva 24048 (1/1) LibClamAV debug: VersionInfo (220fe): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 LibClamAV debug: VersionInfo (2214a): 'FileDescription'='ISRegSvr.dll Module' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000490053005200650067005300760072002e0064006c006c0020004d006f00640075006c0065000000 LibClamAV debug: VersionInfo (2219a): 'FileVersion'='16.0.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0030002e0033003200380000000000 LibClamAV debug: VersionInfo (221d2): 'InternalName'='ISRegSvr.dll' - VI:49006e007400650072006e0061006c004e0061006d0065000000490053005200650067005300760072002e0064006c006c0000000000 LibClamAV debug: VersionInfo (2220e): 'OriginalFilename'='ISRegSvr.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000490053005200650067005300760072002e0064006c006c0000000000 LibClamAV debug: VersionInfo (22252): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 LibClamAV debug: VersionInfo (2232e): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 LibClamAV debug: VersionInfo (2236a): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 LibClamAV debug: VersionInfo (2239a): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: e_lfanew == 264 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:15:13 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1a000 LibClamAV debug: SizeOfInitializedData: 0xf000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x11b2d LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x2a000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x19cd6 0x1a000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x1a000 0x1a000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x29d4 0x3000 LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x1b000 0x1b000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5848 0x6000 LibClamAV debug: VirtualAddress: 0x1e000 0x1e000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x418 0x1000 LibClamAV debug: VirtualAddress: 0x24000 0x24000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x22000 0x22000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4178 0x5000 LibClamAV debug: VirtualAddress: 0x25000 0x25000 LibClamAV debug: SizeOfRawData: 0x5000 0x5000 LibClamAV debug: PointerToRawData: 0x23000 0x23000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x11b2d (72493) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: b9be841281819a5af07e3611913a55f5 (level 0) LibClamAV debug: OLE2: 01featurecomponents [file] b size:0x0000000c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 40851857aabf17a3d1726e11ac6a1f53 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 40851857aabf17a3d1726e11ac6a1f53 (level 0) LibClamAV debug: OLE2: binary.isexphlp.dll [file] b size:0x00019538 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 067bdf5e3c696b2cf069f1e1fc536cb0 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 224 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:09:26 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0xf000 LibClamAV debug: SizeOfInitializedData: 0x9000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x7195 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x19000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xed8e 0xf000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0xf000 0xf000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1940 0x2000 LibClamAV debug: VirtualAddress: 0x10000 0x10000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x10000 0x10000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4ac8 0x5000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x12000 0x12000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x176c 0x2000 LibClamAV debug: VirtualAddress: 0x17000 0x17000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x16000 0x16000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x7195 (29077) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 067bdf5e3c696b2cf069f1e1fc536cb0 (level 0) LibClamAV debug: OLE2: 01controlcondition [file] r size:0x000002f0 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 631c091fbd1542633b3b80f0f480bd41 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 631c091fbd1542633b3b80f0f480bd41 (level 0) LibClamAV debug: OLE2: binary.newbinary6 [file] b size:0x000011b6 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 7ae6211cf33f3b24bcb3dfe2335ae665 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 7ae6211cf33f3b24bcb3dfe2335ae665 (level 0) LibClamAV debug: OLE2: binary.newbinary8 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: fc70c1cdfdde03de2fe0df7d2e765232 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: fc70c1cdfdde03de2fe0df7d2e765232 (level 0) LibClamAV debug: OLE2: binary.newbinary9 [file] r size:0x00002796 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 6e42cf0d47af25dea4cecdbe093d521c is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 6e42cf0d47af25dea4cecdbe093d521c (level 0) LibClamAV debug: OLE2: binary.newbinary7 [file] r size:0x000002fe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 6d13676263dc9721edebaafc689d8041 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 6d13676263dc9721edebaafc689d8041 (level 0) LibClamAV debug: OLE2: binary.newbinary5 [file] b size:0x00003c08 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized JPEG file LibClamAV debug: cache_check: a0c5d37ce39f8af4aeb99955f7c1403b is negative LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: a0c5d37ce39f8af4aeb99955f7c1403b (level 0) LibClamAV debug: OLE2: binary.newbinary14 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 836970e8db25825325451f01f48383f9 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 836970e8db25825325451f01f48383f9 (level 0) LibClamAV debug: OLE2: binary.newbinary18 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 33190636e8e16cc2aeb9d16a9edf7d81 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 33190636e8e16cc2aeb9d16a9edf7d81 (level 0) LibClamAV debug: OLE2: binary.newbinary2 [file] b size:0x0000013e flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: c23cbf002d82192481b61ed7ec0890f4 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: c23cbf002d82192481b61ed7ec0890f4 (level 0) LibClamAV debug: OLE2: binary.newbinary3 [file] b size:0x0000013e flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 83730ac00391fb0f02f56fe2e4207a10 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 83730ac00391fb0f02f56fe2e4207a10 (level 0) LibClamAV debug: OLE2: binary.newbinary1 [file] b size:0x00000d0c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized JPEG file LibClamAV debug: cache_check: aa262223edcb4133972080119eca45ea is negative LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: aa262223edcb4133972080119eca45ea (level 0) LibClamAV debug: OLE2: binary.newbinary16 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 9b140369b669be06a15d6c7ce099c48d is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 9b140369b669be06a15d6c7ce099c48d (level 0) LibClamAV debug: OLE2: binary.newbinary17 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: a74f8a3a31718b091713ace0eeb60de6 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: a74f8a3a31718b091713ace0eeb60de6 (level 0) LibClamAV debug: OLE2: binary.newbinary15 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 17dcb1a90bb1aa39c6d4b168119145b5 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 17dcb1a90bb1aa39c6d4b168119145b5 (level 0) LibClamAV debug: OLE2: binary.newbinary10 [file] b size:0x000011b6 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 7f2548dc667d9a15410e22ed3a0fd099 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 7f2548dc667d9a15410e22ed3a0fd099 (level 0) LibClamAV debug: OLE2: binary.newbinary12 [file] b size:0x00000cbe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 6eb0cce1ca5d515df02f3770eac436b4 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 6eb0cce1ca5d515df02f3770eac436b4 (level 0) LibClamAV debug: OLE2: binary.newbinary13 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 6052220b412200fcfe2c8e77cce7c42a is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 6052220b412200fcfe2c8e77cce7c42a (level 0) LibClamAV debug: OLE2: binary.newbinary11 [file] b size:0x000011b6 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 7ae6211cf33f3b24bcb3dfe2335ae665 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 2783 (no post, no cache) LibClamAV debug: OLE2: 01controlevent [file] r size:0x00000798 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: adac420ec72c05e7dfb06f38cf1933b6 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: adac420ec72c05e7dfb06f38cf1933b6 (level 0) LibClamAV debug: OLE2: 01createfolder [file] b size:0x00000008 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: ac433835c2d3b0c38eabd00560093d75 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: ac433835c2d3b0c38eabd00560093d75 (level 0) LibClamAV debug: OLE2: 01customaction [file] b size:0x00000060 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 4cdd6cde882952408d1ef3f88edfeaa3 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 4cdd6cde882952408d1ef3f88edfeaa3 (level 0) LibClamAV debug: OLE2: 01eventmapping [file] r size:0x00000078 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 400e1608b2521f32077a2409026e599b is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 400e1608b2521f32077a2409026e599b (level 0) LibClamAV debug: OLE2: 01msifilehash [file] r size:0x00000014 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 85526b2efc358624dc2b5484b49ec495 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 85526b2efc358624dc2b5484b49ec495 (level 0) LibClamAV debug: OLE2: 01_validation [file] b size:0x000012d8 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: dd00094e2735911ac4edfe57b574bdf8 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: dd00094e2735911ac4edfe57b574bdf8 (level 0) LibClamAV debug: OLE2: 01radiobutton [file] b size:0x000000d8 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 02b76e2ad49a575e7adb59fc0cf9e629 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 02b76e2ad49a575e7adb59fc0cf9e629 (level 0) LibClamAV debug: OLE2: 01component [file] r size:0x00000024 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 4288708281468e9daee219a08ebb7716 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 4288708281468e9daee219a08ebb7716 (level 0) LibClamAV debug: OLE2: 01_stringdata [file] b size:0x00016eed flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 326928e2791390490f331ecf8bd610f1 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 326928e2791390490f331ecf8bd610f1 (level 0) LibClamAV debug: OLE2: 01_stringpool [file] r size:0x00002c1c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 01d545252f6faa983f19008530e7a862 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 01d545252f6faa983f19008530e7a862 (level 0) LibClamAV debug: OLE2: 01issetuptype [file] r size:0x00000018 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 047a05b3ce47763a239dd0a5e9742f9a is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 047a05b3ce47763a239dd0a5e9742f9a (level 0) LibClamAV debug: OLE2: 01upgrade [file] b size:0x00000010 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 7ff2b0570dc7468f539f2c7e514ebc91 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 7ff2b0570dc7468f539f2c7e514ebc91 (level 0) LibClamAV debug: OLE2: 01textstyle [file] b size:0x00000120 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: fa6afc971904f8d2e449c17014c0a8ad is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: fa6afc971904f8d2e449c17014c0a8ad (level 0) LibClamAV debug: OLE2: 01directory [file] r size:0x00000042 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 602fad121f27bc6f08468195956651b1 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 602fad121f27bc6f08468195956651b1 (level 0) LibClamAV debug: OLE2: 01actiontext [file] b size:0x000001a4 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: fbb9e1da03525140eca2290883374101 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: fbb9e1da03525140eca2290883374101 (level 0) LibClamAV debug: OLE2: 01property [file] r size:0x00000140 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 7eedccf84814ab89c9be1971916b2340 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 7eedccf84814ab89c9be1971916b2340 (level 0) LibClamAV debug: OLE2: 01checkbox [file] b size:0x0000000c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 89b7b3da5974ee1a40e9b8fea7f59ae7 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 89b7b3da5974ee1a40e9b8fea7f59ae7 (level 0) LibClamAV debug: OLE2: 01control [file] r size:0x0000293c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: aa247c4e9b047130ca0aa178972ba508 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: aa247c4e9b047130ca0aa178972ba508 (level 0) LibClamAV debug: OLE2: 01file [file] b size:0x00000012 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: d56f92bbf68e34293641e5e0f9bc2857 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: d56f92bbf68e34293641e5e0f9bc2857 (level 0) LibClamAV debug: OLE2: 01binary [file] r size:0x00000054 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 1d58b97dfce3ba06a0e4a00f982cf2ef is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 1d58b97dfce3ba06a0e4a00f982cf2ef (level 0) LibClamAV debug: OLE2: 01feature [file] b size:0x00000010 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 8aed2b47eaa29d720da73246e463d67a is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 8aed2b47eaa29d720da73246e463d67a (level 0) LibClamAV debug: OLE2: 01error [file] r size:0x00000994 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: d8edf31a1e45752e1654492056feaa2b is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: d8edf31a1e45752e1654492056feaa2b (level 0) LibClamAV debug: OLE2: 01_columns [file] b size:0x00000578 flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 2bb78a0fec31babea8bb931d7e152026 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 2bb78a0fec31babea8bb931d7e152026 (level 0) LibClamAV debug: OLE2: 01_tables [file] r size:0x0000004c flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 023736b780fd296af291267d4904603f is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 023736b780fd296af291267d4904603f (level 0) LibClamAV debug: OLE2: data1.cab [file] r size:0x0000014f flags:0x00000000 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS CAB file LibClamAV debug: cache_check: 541061b126a8ff657e1f9f842a47a1f7 is negative LibClamAV debug: in cli_scanmscab() LibClamAV debug: CAB: -------------- Cabinet file ---------------- LibClamAV debug: CAB: Cabinet length: 335 LibClamAV debug: CAB: Folders: 1 LibClamAV debug: CAB: Files: 1 LibClamAV debug: CAB: File format version: 1.3 LibClamAV debug: CAB: Folder record 0 LibClamAV debug: CAB: Folder offset: 69 LibClamAV debug: CAB: Folder compression method: 1 LibClamAV debug: CAB: Recorded folders: 1 LibClamAV debug: CAB: File record 0 LibClamAV debug: CAB: File name: clam*exe LibClamAV debug: CAB: File offset: 0 LibClamAV debug: CAB: File folder index: 0 LibClamAV debug: CAB: File attribs: 0x20 LibClamAV debug: CAB: * file modified since last backup LibClamAV debug: CDBNAME:CL_TYPE_MSCAB:0:clam*exe:0:544:0:1:0:(nil) LibClamAV debug: CAB: Extracting file clam*exe to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-ff1443fb8f25ff83bb8d80afb86ef9fe.tmp, size 544, max_size: 26214400 LibClamAV debug: CAB: Compression method: MSZIP LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 541061b126a8ff657e1f9f842a47a1f7:335:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: efa529f28de651b561dc36646733e7e6:658432:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 2f60b47aa5ff8931c786fbe0eafc657e:1184248:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 0fcad0a2051bd0dfc8222694a41e2f86 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 8eaa9787edb074abdfaa93e15c33a8e2 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-d9194faad200e753698ae57d30007194.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] LibClamAV debug: cli_untar: Checksum 4760 is valid. LibClamAV debug: cli_untar: size = 1539 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1539:clam01.tgz:1539:1539:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-d9194faad200e753698ae57d30007194.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: cli_untar: pos = 2560 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 86b9faab66dfbb5494f02098de233337 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 1fd8b88265ce3f5f609112d1d7290360 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f45264030d39c54db442b964eda95f0d.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] LibClamAV debug: cli_untar: Checksum 4760 is valid. LibClamAV debug: cli_untar: size = 1362 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1362:clam02.tgz:1362:1362:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f45264030d39c54db442b964eda95f0d.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 3fd6edd55afc9ffd1b1b3a14037d318d is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 4686aa63b54275d9291460aeb43112fc is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-e37781c61b76e68277076e5a0aa5bbff.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4761, [11231 in octal] LibClamAV debug: cli_untar: Checksum 4761 is valid. LibClamAV debug: cli_untar: size = 1184 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1184:clam03.tgz:1184:1184:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-e37781c61b76e68277076e5a0aa5bbff.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 6/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: eefe348a7f2bbb93457c7542f2d25d40 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: c7035dd4361509ca567acf285f9cae7d is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-503d73b2481ca5db635e95af3dc253ec.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4762, [11232 in octal] LibClamAV debug: cli_untar: Checksum 4762 is valid. LibClamAV debug: cli_untar: size = 1028 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1028:clam04.tgz:1028:1028:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-503d73b2481ca5db635e95af3dc253ec.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 8/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: ae187a29a2985e38431a78c6af659c36 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: c465b8291b2cfe4dbc1c457feef5364a is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-25230371c2036866eb830d60e775ddf6.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4763, [11233 in octal] LibClamAV debug: cli_untar: Checksum 4763 is valid. LibClamAV debug: cli_untar: size = 844 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:844:clam05.tgz:844:844:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-25230371c2036866eb830d60e775ddf6.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 10/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: f81648d0166b550d74b5972632035215 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 11/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 97e0ec966bce0ed5368f7abd66a8a566 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-41661a77c9efae9b75f03ad2e3fef208.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4771, [11243 in octal] LibClamAV debug: cli_untar: Checksum 4771 is valid. LibClamAV debug: cli_untar: size = 694 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:694:clam06.tgz:694:694:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-41661a77c9efae9b75f03ad2e3fef208.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 12/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 229f703eda82655237de5742b71337e3 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 13/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 14ee5843e6c9e23c48e0a4c72f1b0055 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-07215b8202e16a9ec0eac3348a80c157.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4764, [11234 in octal] LibClamAV debug: cli_untar: Checksum 4764 is valid. LibClamAV debug: cli_untar: size = 550 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:550:clam07.tgz:550:550:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-07215b8202e16a9ec0eac3348a80c157.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 14/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: a9d25b35786e3a86e7d95e5b6af41544 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 15/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 9c2ea61e882349220e49b33a56b4ac08 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f8fcbb3753988d4bb6857a0590fb16e7.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4773, [11245 in octal] LibClamAV debug: cli_untar: Checksum 4773 is valid. LibClamAV debug: cli_untar: size = 389 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:389:clam08.tgz:389:389:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-f8fcbb3753988d4bb6857a0590fb16e7.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: in cli_magic_scandesc (reclevel: 16/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 497c54d7262dc2c8b74fd3eb327099c5 is negative LibClamAV debug: cli_magic_scandesc: Hit recursion limit, only scanning raw file LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: emax_reached: marked parents as non cacheable LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 9c2ea61e882349220e49b33a56b4ac08 (level 15) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: a9d25b35786e3a86e7d95e5b6af41544 (level 14) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 14ee5843e6c9e23c48e0a4c72f1b0055 (level 13) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 229f703eda82655237de5742b71337e3 (level 12) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 97e0ec966bce0ed5368f7abd66a8a566 (level 11) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: f81648d0166b550d74b5972632035215 (level 10) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: c465b8291b2cfe4dbc1c457feef5364a (level 9) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: ae187a29a2985e38431a78c6af659c36 (level 8) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: c7035dd4361509ca567acf285f9cae7d (level 7) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: eefe348a7f2bbb93457c7542f2d25d40 (level 6) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 4686aa63b54275d9291460aeb43112fc (level 5) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 3fd6edd55afc9ffd1b1b3a14037d318d (level 4) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 1fd8b88265ce3f5f609112d1d7290360 (level 3) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2549 LibClamAV debug: cache_add: 86b9faab66dfbb5494f02098de233337 (level 2) LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] LibClamAV debug: cli_untar: Checksum 4760 is valid. LibClamAV debug: cli_untar: size = 1362 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1362:clam02.tgz:1362:1362:0:2:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-d9194faad200e753698ae57d30007194.tmp/tar02 LibClamAV debug: cli_untar: pos = 3072 LibClamAV debug: cli_untar: pos = 3584 LibClamAV debug: cli_untar: pos = 4096 LibClamAV debug: cli_untar: pos = 4608 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 3fd6edd55afc9ffd1b1b3a14037d318d is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 4686aa63b54275d9291460aeb43112fc is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-0921416339dd59619fd085c8008b726f.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4761, [11231 in octal] LibClamAV debug: cli_untar: Checksum 4761 is valid. LibClamAV debug: cli_untar: size = 1184 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1184:clam03.tgz:1184:1184:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-0921416339dd59619fd085c8008b726f.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: eefe348a7f2bbb93457c7542f2d25d40 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: c7035dd4361509ca567acf285f9cae7d is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-dfef51423b7729da940023c858e45077.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4762, [11232 in octal] LibClamAV debug: cli_untar: Checksum 4762 is valid. LibClamAV debug: cli_untar: size = 1028 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1028:clam04.tgz:1028:1028:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-dfef51423b7729da940023c858e45077.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 6/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: ae187a29a2985e38431a78c6af659c36 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: c465b8291b2cfe4dbc1c457feef5364a is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-928d7759f132afb28141dee4ef4b592a.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4763, [11233 in octal] LibClamAV debug: cli_untar: Checksum 4763 is valid. LibClamAV debug: cli_untar: size = 844 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:844:clam05.tgz:844:844:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-928d7759f132afb28141dee4ef4b592a.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 8/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: f81648d0166b550d74b5972632035215 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 97e0ec966bce0ed5368f7abd66a8a566 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-be98afaba642b8ff49ace1ca3b33bc16.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4771, [11243 in octal] LibClamAV debug: cli_untar: Checksum 4771 is valid. LibClamAV debug: cli_untar: size = 694 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:694:clam06.tgz:694:694:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-be98afaba642b8ff49ace1ca3b33bc16.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 10/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 229f703eda82655237de5742b71337e3 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 11/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 14ee5843e6c9e23c48e0a4c72f1b0055 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-fd37f013d96729886a843756cbe694f1.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4764, [11234 in octal] LibClamAV debug: cli_untar: Checksum 4764 is valid. LibClamAV debug: cli_untar: size = 550 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:550:clam07.tgz:550:550:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-fd37f013d96729886a843756cbe694f1.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 12/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: a9d25b35786e3a86e7d95e5b6af41544 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 13/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 9c2ea61e882349220e49b33a56b4ac08 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-8101a11452066facb3fbd452da8afbe9.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4773, [11245 in octal] LibClamAV debug: cli_untar: Checksum 4773 is valid. LibClamAV debug: cli_untar: size = 389 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:389:clam08.tgz:389:389:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-8101a11452066facb3fbd452da8afbe9.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: in cli_magic_scandesc (reclevel: 14/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 497c54d7262dc2c8b74fd3eb327099c5 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 15/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 563085e0481c6f7826f74c3fe04dce6c is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-82067e3d9c3bb1d8bf9f2a08880c7fc3.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4645, [11045 in octal] LibClamAV debug: cli_untar: Checksum 4645 is valid. LibClamAV debug: cli_untar: size = 544 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-82067e3d9c3bb1d8bf9f2a08880c7fc3.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 16/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: cli_magic_scandesc: Hit recursion limit, only scanning raw file LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found in descriptor 20 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 563085e0481c6f7826f74c3fe04dce6c:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: 497c54d7262dc2c8b74fd3eb327099c5:389:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 9c2ea61e882349220e49b33a56b4ac08:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: a9d25b35786e3a86e7d95e5b6af41544:550:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 14ee5843e6c9e23c48e0a4c72f1b0055:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: 229f703eda82655237de5742b71337e3:694:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 97e0ec966bce0ed5368f7abd66a8a566:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: f81648d0166b550d74b5972632035215:844:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: c465b8291b2cfe4dbc1c457feef5364a:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: ae187a29a2985e38431a78c6af659c36:1028:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: c7035dd4361509ca567acf285f9cae7d:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: eefe348a7f2bbb93457c7542f2d25d40:1184:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 4686aa63b54275d9291460aeb43112fc:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: 3fd6edd55afc9ffd1b1b3a14037d318d:1362:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: FP SIGNATURE: 8eaa9787edb074abdfaa93e15c33a8e2:10240:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: FP SIGNATURE: 0fcad0a2051bd0dfc8222694a41e2f86:3079:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 85831fa179ee6d3a2417a9c10506813e is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: Matched signature for file type ISO9660 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ISO9660 signature found at 32768 LibClamAV debug: in cli_scaniso LibClamAV debug: cli_scaniso: Raw sector size: 2048 LibClamAV debug: cli_scaniso: Block size: 2048 LibClamAV debug: cli_scaniso: Volume descriptor version: 1 LibClamAV debug: cli_scaniso: System: LINUX LibClamAV debug: cli_scaniso: Volume: CDROM LibClamAV debug: cli_scaniso: Volume space size: 0xb7 blocks LibClamAV debug: cli_scaniso: Volume 1 of 1 LibClamAV debug: cli_scaniso: Volume Set: LibClamAV debug: cli_scaniso: Publisher: LibClamAV debug: cli_scaniso: Data Preparer: LibClamAV debug: cli_scaniso: Application: GENISOIMAGE ISO 9660_HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE LibClamAV debug: cli_scaniso: Volume creation time: 2011-11-22 19:05:01 LibClamAV debug: cli_scaniso: Volume modification time: 2011-11-22 19:05:01 LibClamAV debug: cli_scaniso: Volume expiration time: 0000-00-00 00:00:00 LibClamAV debug: cli_scaniso: Volume effective time: 2011-11-22 19:05:01 LibClamAV debug: cli_scaniso: Path table size: 0x32 LibClamAV debug: cli_scaniso: LSB Path Table: 0x18 LibClamAV debug: cli_scaniso: Opt LSB Path Table: 0x0 LibClamAV debug: cli_scaniso: MSB Path Table: 0x1a LibClamAV debug: cli_scaniso: Opt MSB Path Table: 0x0 LibClamAV debug: cli_scaniso: File Structure Version: 1 LibClamAV debug: cli_scaniso: Joliet level 3 LibClamAV debug: iso_parse_dir: Directory 'long_dir_is_long': off 1f - size 800 - flags 2 - unit size 0 - gap size 0 - volume 1 LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:2048:long_dir_is_long:2048:2048:0:0:0:(nil) LibClamAV debug: iso_parse_dir: File 'clam_exe_with_a_long_name.exe': off 20 - size 220 - flags 0 - unit size 0 - gap size 0 - volume 1 LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:544:clam_exe_with_a_long_name.exe:544:544:0:0:0:(nil) LibClamAV debug: iso_scan_file: dumping to /var/tmp/portage/app-antivirus/clamav-0.99.4/temp/clamav-1249efe4c97a19a584cd0680cfd625a6.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 1024 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 85831fa179ee6d3a2417a9c10506813e:374784:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2549 LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Freeing phishcheck struct LibClamAV debug: Phishcheck cleaned up LibClamAV debug: entconv: Destroying iconv pool:0x5f140 LibClamAV debug: entconv: closing iconv:0x5f9b0 LibClamAV debug: entconv: closing iconv:0x60b40 /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.ea05.exe: ClamAV-Test-Icon-EA0X.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.ea06.exe: ClamAV-Test-Icon-EA0X.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_IScab_ext.exe: ClamAV-Test-Icon-IScab.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_IScab_int.exe: ClamAV-Test-Icon-IScab.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_ISmsi_ext.exe: Clam-VI-Test:Target.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_ISmsi_int.exe: Clam-VI-Test:Target.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.tar.gz: YARA.yara_at_offset.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_cache_emax.tgz: YARA.yara_at_offset.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/check_common.sh: line 93: 33771 Bus error $TOP/libtool --mode=execute $WRAPPER $* *** *** Failed to run /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../clamscan/clamscan --gen-json --quiet -dtest-db/test.yara /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-aspack.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-fsg.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-mew.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-nsis.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-pespin.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-petite.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-upack.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-upx.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-v2.rar /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-v3.rar /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-wwpack.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam-yc.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.7z /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.arj /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.bin-be.cpio /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.bin-le.cpio /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.bz2.zip /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.cab /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.chm /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.d64.zip /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.ea05.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.ea06.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.exe.binhex /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.exe.bz2 /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.exe.html /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.exe.mbox.base64 /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.exe.mbox.uu /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.exe.rtf /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.exe.szdd /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.impl.zip /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.iso /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.mail /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.newc.cpio /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.odc.cpio /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.ole.doc /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.pdf /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.ppt /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.sis /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.tar.gz /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.tnef /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam.zip /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_IScab_ext.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_IScab_int.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_ISmsi_ext.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_ISmsi_int.exe /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clam_cache_emax.tgz /var/tmp/portage/app-antivirus/clamav-0.99.4/work/clamav-0.99.4/unit_tests/../test/clamjol.iso --log=clamscan7.log, expected 1 exitcode, but was 138 *** ------------------------------------------------------------------------------- *** *** clamscan YARA in-range test failed *** SKIP: check5_clamd_vg.sh (exit: 77) =================================== *** valgrind tests skipped by default, use 'make check VG=1' to activate SKIP: check6_clamd_vg.sh (exit: 77) =================================== *** valgrind tests skipped by default, use 'make check VG=1' to activate SKIP: check7_clamd_hg.sh (exit: 77) =================================== SKIP: check8_clamd_hg.sh (exit: 77) =================================== *** valgrind tests skipped by default, use 'make check VG=1' to activate SKIP: check9_clamscan_vg.sh (exit: 77) ====================================== *** valgrind tests skipped by default, use 'make check VG=1' to activate