=============================================== ClamAV 0.100.0: unit_tests/test-suite.log =============================================== # TOTAL: 13 # PASS: 4 # SKIP: 6 # XFAIL: 0 # FAIL: 3 # XPASS: 0 # ERROR: 0 .. contents:: :depth: 2 FAIL: check_clamav ================== Using test case timeout of 0 seconds set by user Running suite(s): cl_api cli jsnorm str regex disasm unique matchers htmlnorm bytecode 96%: Checks: 988, Failures: 36, Errors: 0 check_clamav.c:178:F:cl_scan:test_cl_scandesc:5: cl_scandesc failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:178:F:cl_scan:test_cl_scandesc:30: cl_scandesc failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:178:F:cl_scan:test_cl_scandesc:34: cl_scandesc failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:200:F:cl_scan:test_cl_scandesc_allscan:5: cl_scandesc_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:200:F:cl_scan:test_cl_scandesc_allscan:30: cl_scandesc_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:200:F:cl_scan:test_cl_scandesc_allscan:34: cl_scandesc_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:224:F:cl_scan:test_cl_scanfile:5: cl_scanfile failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:224:F:cl_scan:test_cl_scanfile:30: cl_scanfile failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:224:F:cl_scan:test_cl_scanfile:34: cl_scanfile failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:246:F:cl_scan:test_cl_scanfile_allscan:5: cl_scanfile_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:246:F:cl_scan:test_cl_scanfile_allscan:30: cl_scanfile_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:246:F:cl_scan:test_cl_scanfile_allscan:34: cl_scanfile_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:314:F:cl_scan:test_cl_scandesc_callback:5: cl_scanfile failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:314:F:cl_scan:test_cl_scandesc_callback:30: cl_scanfile failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:314:F:cl_scan:test_cl_scandesc_callback:34: cl_scanfile failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:337:F:cl_scan:test_cl_scandesc_callback_allscan:5: cl_scanfile_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:337:F:cl_scan:test_cl_scandesc_callback_allscan:30: cl_scanfile_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:337:F:cl_scan:test_cl_scandesc_callback_allscan:34: cl_scanfile_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:269:F:cl_scan:test_cl_scanfile_callback:5: cl_scanfile_cb failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:269:F:cl_scan:test_cl_scanfile_callback:30: cl_scanfile_cb failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:269:F:cl_scan:test_cl_scanfile_callback:34: cl_scanfile_cb failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:292:F:cl_scan:test_cl_scanfile_callback_allscan:5: cl_scanfile_cb_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:292:F:cl_scan:test_cl_scanfile_callback_allscan:30: cl_scanfile_cb_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:292:F:cl_scan:test_cl_scanfile_callback_allscan:34: cl_scanfile_cb_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:504:F:cl_scan:test_cl_scanmap_callback_handle:5: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:504:F:cl_scan:test_cl_scanmap_callback_handle:30: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:504:F:cl_scan:test_cl_scanmap_callback_handle:34: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:530:F:cl_scan:test_cl_scanmap_callback_handle_allscan:5: cl_scanmap_callback_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:530:F:cl_scan:test_cl_scanmap_callback_handle_allscan:30: cl_scanmap_callback_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:530:F:cl_scan:test_cl_scanmap_callback_handle_allscan:34: cl_scanmap_callback_allscan failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:560:F:cl_scan:test_cl_scanmap_callback_mem:5: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:560:F:cl_scan:test_cl_scanmap_callback_mem:30: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:560:F:cl_scan:test_cl_scanmap_callback_mem:34: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected check_clamav.c:593:F:cl_scan:test_cl_scanmap_callback_mem_allscan:5: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: No viruses detected check_clamav.c:593:F:cl_scan:test_cl_scanmap_callback_mem_allscan:30: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: No viruses detected check_clamav.c:593:F:cl_scan:test_cl_scanmap_callback_mem_allscan:34: cl_scanmap_callback failed for /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: No viruses detected NOTICE: Use the 'T' environment variable to adjust testcase timeout SKIP: check_unit_vg.sh ====================== *** valgrind tests skipped by default, use 'make check VG=1' to activate FAIL: check1_clamscan.sh ======================== LibClamAV debug: searching for unrar, user-searchpath: /usr/lib LibClamAV debug: unrar support loaded from /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/libclamav/.libs/libclamunrar_iface.so.7.1.1 libclamunrar_iface_so_7_1 LibClamAV debug: Initialized 0.100.0 engine LibClamAV debug: Initializing phishcheck module LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$ LibClamAV debug: Phishcheck module initialized LibClamAV debug: Bytecode initialized in interpreter mode LibClamAV debug: test-db/test.hdb loaded LibClamAV debug: Initializing engine->root[0] LibClamAV debug: Initializing AC pattern matcher of root[0] LibClamAV debug: cli_initroots: Initializing BM tables of root[0] LibClamAV debug: Initializing engine->root[1] LibClamAV debug: Initializing AC pattern matcher of root[1] LibClamAV debug: cli_initroots: Initializing BM tables of root[1] LibClamAV debug: Initializing engine->root[2] LibClamAV debug: Initializing AC pattern matcher of root[2] LibClamAV debug: Initializing engine->root[3] LibClamAV debug: Initializing AC pattern matcher of root[3] LibClamAV debug: Initializing engine->root[4] LibClamAV debug: Initializing AC pattern matcher of root[4] LibClamAV debug: Initializing engine->root[5] LibClamAV debug: Initializing AC pattern matcher of root[5] LibClamAV debug: Initializing engine->root[6] LibClamAV debug: Initializing AC pattern matcher of root[6] LibClamAV debug: Initializing engine->root[7] LibClamAV debug: Initializing AC pattern matcher of root[7] LibClamAV debug: Initializing engine->root[8] LibClamAV debug: Initializing AC pattern matcher of root[8] LibClamAV debug: Initializing engine->root[9] LibClamAV debug: Initializing AC pattern matcher of root[9] LibClamAV debug: Initializing engine->root[10] LibClamAV debug: Initializing AC pattern matcher of root[10] LibClamAV debug: Initializing engine->root[11] LibClamAV debug: Initializing AC pattern matcher of root[11] LibClamAV debug: Initializing engine->root[12] LibClamAV debug: Initializing AC pattern matcher of root[12] LibClamAV debug: Initializing engine->root[13] LibClamAV debug: Initializing AC pattern matcher of root[13] LibClamAV debug: Initializing engine->root[14] LibClamAV debug: Initializing AC pattern matcher of root[14] LibClamAV debug: Loaded 153 filetype definitions LibClamAV debug: Using filter for trie 0 LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 82 (reloff: 1, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 32 LibClamAV debug: Using filter for trie 1 LibClamAV debug: Matcher[1]: PE: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 LibClamAV debug: Matcher[2]: OLE2: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[3]: HTML: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Using filter for trie 4 LibClamAV debug: Matcher[4]: MAIL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[6]: ELF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Using filter for trie 7 LibClamAV debug: Matcher[7]: ASCII: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[10]: PDF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[11]: FLASH: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[12]: JAVA: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[13]: INTERNAL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[14]: OTHER: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Dynamic engine configuration settings: LibClamAV debug: -------------------------------------- LibClamAV debug: Module PE: On LibClamAV debug: * Submodule PARITE: On LibClamAV debug: * Submodule KRIZ: On LibClamAV debug: * Submodule MAGISTR: On LibClamAV debug: * Submodule POLIPOS: On LibClamAV debug: * Submodule MD5SECT: On LibClamAV debug: * Submodule UPX: On LibClamAV debug: * Submodule FSG: On LibClamAV debug: * Submodule SWIZZOR: ** Off ** LibClamAV debug: * Submodule PETITE: On LibClamAV debug: * Submodule PESPIN: On LibClamAV debug: * Submodule YC: On LibClamAV debug: * Submodule WWPACK: On LibClamAV debug: * Submodule NSPACK: On LibClamAV debug: * Submodule MEW: On LibClamAV debug: * Submodule UPACK: On LibClamAV debug: * Submodule ASPACK: On LibClamAV debug: * Submodule CATALOG: On LibClamAV debug: * Submodule CERTS: On LibClamAV debug: * Submodule MATCHICON: On LibClamAV debug: * Submodule IMPTBL: On LibClamAV debug: Module ELF: On LibClamAV debug: Module MACHO: On LibClamAV debug: Module ARCHIVE: On LibClamAV debug: * Submodule RAR: On LibClamAV debug: * Submodule ZIP: On LibClamAV debug: * Submodule GZIP: On LibClamAV debug: * Submodule BZIP: On LibClamAV debug: * Submodule ARJ: On LibClamAV debug: * Submodule SZDD: On LibClamAV debug: * Submodule CAB: On LibClamAV debug: * Submodule CHM: On LibClamAV debug: * Submodule OLE2: On LibClamAV debug: * Submodule TAR: On LibClamAV debug: * Submodule CPIO: On LibClamAV debug: * Submodule BINHEX: On LibClamAV debug: * Submodule SIS: On LibClamAV debug: * Submodule NSIS: On LibClamAV debug: * Submodule AUTOIT: On LibClamAV debug: * Submodule ISHIELD: On LibClamAV debug: * Submodule 7zip: On LibClamAV debug: * Submodule ISO9660: On LibClamAV debug: * Submodule DMG: On LibClamAV debug: * Submodule XAR: On LibClamAV debug: * Submodule HFSPLUS: On LibClamAV debug: * Submodule XZ: On LibClamAV debug: * Submodule PASSWD: On LibClamAV debug: * Submodule MBR: On LibClamAV debug: * Submodule GPT: On LibClamAV debug: * Submodule APM: On LibClamAV debug: Module DOCUMENT: On LibClamAV debug: * Submodule HTML: On LibClamAV debug: * Submodule RTF: On LibClamAV debug: * Submodule PDF: On LibClamAV debug: * Submodule SCRIPT: On LibClamAV debug: * Submodule HTMLSKIPRAW: On LibClamAV debug: * Submodule JSNORM: On LibClamAV debug: * Submodule SWF: On LibClamAV debug: * Submodule OOXML: On LibClamAV debug: * Submodule MSPML: On LibClamAV debug: * Submodule HWP: On LibClamAV debug: Module MAIL: On LibClamAV debug: * Submodule MBOX: On LibClamAV debug: * Submodule TNEF: On LibClamAV debug: Module OTHER: On LibClamAV debug: * Submodule UUENCODED: On LibClamAV debug: * Submodule SCRENC: On LibClamAV debug: * Submodule RIFF: On LibClamAV debug: * Submodule JPEG: On LibClamAV debug: * Submodule CRYPTFF: On LibClamAV debug: * Submodule DLP: On LibClamAV debug: * Submodule MYDOOMLOG: On LibClamAV debug: * Submodule PREFILTERING: On LibClamAV debug: * Submodule PDFNAMEOBJ: On LibClamAV debug: * Submodule PRTNINTXN: On LibClamAV debug: * Submodule LZW: On LibClamAV debug: Module PHISHING On LibClamAV debug: * Submodule ENGINE: On LibClamAV debug: * Submodule ENTCONV: On LibClamAV debug: Module BYTECODE On LibClamAV debug: * Submodule INTERPRETER: On LibClamAV debug: * Submodule JIT X86: On LibClamAV debug: * Submodule JIT PPC: On LibClamAV debug: * Submodule JIT ARM: ** Off ** LibClamAV debug: Module STATS Off LibClamAV debug: Module PCRE On LibClamAV debug: * Submodule SUPPORT: On LibClamAV debug: * Submodule OPTIONS: On LibClamAV debug: * Submodule GLOBAL: On LibClamAV debug: pool memory used: 4.374 MB LibClamAV debug: No bytecodes loaded, not running builtin test LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 2bf6c8403b5b0a6ccdcfc7c7a434507c is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 6 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x400 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x5001 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x8000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x2000 0x2000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x600 0x600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x800 0x800 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .clam LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .aspack LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2000 0x2000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x1200 0x1200 LibClamAV debug: PointerToRawData: 0xc00 0xc00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 5 LibClamAV debug: Section name: .adata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x1e00 0x1e00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc01 (3073) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Aspack: unpacking block rva:2000 - sz:200 LibClamAV debug: Aspack: unpacking block rva:3058 - sz:1a8 LibClamAV debug: Aspack: unpacking block rva:4000 - sz:1000 LibClamAV debug: Aspack: successfully rebuilt LibClamAV debug: Aspack: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 4a4477a6d2d866b38806e9bfa5a6bb2e is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 16864 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: c6ccf4ddbccbcaa01b441690a329d1b0 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 6112 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 6b39b93ff222f7b979337faae602c6cf is negative LibClamAV debug: in cli_peheader LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 12 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 2 LibClamAV debug: TimeDateStamp: Thu Jan 1 01:00:00 1970 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 0 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x0 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x63ff LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x7000 LibClamAV debug: SizeOfHeaders: 0x200 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: MEW LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x0 0x0 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: ÒuÛŠëÔ LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x418 0x418 LibClamAV debug: PointerToRawData: 0x200 0x200 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x5ff (1535) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: MEW: found MEW characteristics FFFF9D50 + 000063FF + 5 = 00000154 LibClamAV debug: MEW: Win9x compatibility was set! LibClamAV debug: MEW: ssize 00001000 dsize 00005000 offdiff: 0000001c LibClamAV debug: MEW: 1048 (00000418) bytes read LibClamAV debug: MEW unpacking section 0 (0x65fe8->0x60fc0) LibClamAV debug: MEW unpacking section 1 (0x660bd->0x61fdc) LibClamAV debug: MEW unpacking section 2 (0x660f7->0x63018) LibClamAV debug: MEW unpacking section 3 (0x6615d->0x64e2c) LibClamAV debug: MEW unpacking section 4 (0x662d6->0x65f49) LibClamAV debug: MEW: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: eb55c7b07f6c22b7c09ea52a8eeaddec is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 17004 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 17004 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7492c428aae7330e7a6414b189b3f0c2.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 3527d9af6c885b7a469ced2fa4890dc6 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type NSIS at 46084 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: NSIS signature found at 46080 LibClamAV debug: in scannulsft() LibClamAV debug: NSIS: Header info - Flags=0, Header size=1105, Archive size=54d LibClamAV debug: NSIS: solid compression not detected LibClamAV debug: NSIS: bzip2 0 - lzma 2 - zlib 0 LibClamAV debug: NSIS: Successully extracted file #1 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: NSIS: Successully extracted file #2 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 517cb11c1ae9e0c119e7699d65b71d05 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Thu Jan 1 01:00:00 1970 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 0 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x400 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x5087 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x82c3 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: KuNgBiM LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: KuNgBiM LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x2000 0x2000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x600 0x600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x800 0x800 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: KuNgBiM LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: KuNgBiM LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x32c3 0x4000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x3400 0x3400 LibClamAV debug: PointerToRawData: 0xc00 0xc00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc87 (3207) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: in unspin LibClamAV debug: spin: Key8 is 91, Len is 11fe LibClamAV debug: spin: Key is 47b3f060, Len is 5a0 LibClamAV debug: spin: Key32 is 3523a0f5 - XORbitmap is b LibClamAV debug: spin: Decrypting sects (xor) LibClamAV debug: spin: done LibClamAV debug: spin: Key is 43a806db, Len is 180 LibClamAV debug: spin: POLY1 len is 1a1 LibClamAV debug: spin: POLYbitmap is b - decrypting sects (poly) LibClamAV debug: spin: done LibClamAV debug: spin: Compression bitmap is 8 LibClamAV debug: spin: Not growing sect0 LibClamAV debug: spin: Not growing sect1 LibClamAV debug: spin: Not growing sect2 LibClamAV debug: spin: Growing sect3: was 200 will be 1000 LibClamAV debug: spin: decompression complete LibClamAV debug: PEspin: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: ea58113cd88ec4715020f5189529d35b is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 6112 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 2891f5b98be269b9f6ffbbb2c84ae4f4 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 240 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x400 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x5042 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x6000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2000 0x2000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x800 0x800 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xe00 0xe00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x0 0x0 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .petite LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2cc 0x1000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x400 0x400 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x442 (1090) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: UPX: NRV2B decompressor failed LibClamAV debug: UPX: NRV2D decompressor failed LibClamAV debug: UPX: NRV2E decompressor failed LibClamAV debug: UPX: All decompressors failed LibClamAV debug: Petite: v2.2 compression detected LibClamAV debug: Petite: Found petite code in sect2(2000). Let's strip it. LibClamAV debug: Petite: Encrypted EP: dfed1249 | Array of imports: 205c LibClamAV debug: Petite: Old EP: 1020 LibClamAV debug: Petite: Sections dump: LibClamAV debug: Petite: .SECT0 RVA:1000 VSize:1000 ROffset: 0, RSize:f7 LibClamAV debug: Petite: .SECT1 RVA:2000 VSize:2000 ROffset: f7, RSize:123 LibClamAV debug: Petite: .SECT2 RVA:4000 VSize:ffc ROffset: 21a, RSize:ffc LibClamAV debug: Petite: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 8a2bf11929515746f3df244a4ac91c7c is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 5740 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 5740 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e670f9280000acfbe98c9d049e477020.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 832fd1026a13e16686b55e855bb559df is negative LibClamAV debug: in cli_peheader LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 16 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 3 LibClamAV debug: TimeDateStamp: Sat Jan 24 00:39:42 2004 LibClamAV debug: SizeOfOptionalHeader: 148 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 76 LibClamAV debug: MinorLinkerVersion: 111 LibClamAV debug: SizeOfCode: 0x694c6461 LibClamAV debug: SizeOfInitializedData: 0x72617262 LibClamAV debug: SizeOfUninitializedData: 0x4179 LibClamAV debug: AddressOfEntryPoint: 0x1018 LibClamAV debug: BaseOfCode: 0x10 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xf000 LibClamAV debug: SizeOfHeaders: 0x200 LibClamAV debug: NumberOfRvaAndSizes: 10 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: PSÿÕ«ëçà LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x1f0 0x200 LibClamAV debug: PointerToRawData: 0x10 0x0 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8000 0x8000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x53c 0x53c LibClamAV debug: PointerToRawData: 0x200 0x200 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: oP@ LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0xe000 0xe000 LibClamAV debug: SizeOfRawData: 0x1f0 0x200 LibClamAV debug: PointerToRawData: 0x10 0x0 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x18 (24) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Upack characteristics found. LibClamAV debug: Upack: var set LibClamAV debug: Upack: EP: 00000018 original: 00000020 || 00401020 LibClamAV debug: Upack: Context Bits parameter used with lzma: 05, 1c00 LibClamAV debug: Upack: data initialized, before upack lzma call! LibClamAV debug: p0: 0x6606e p1: ffffffff p2: 00000000 LibClamAV debug: state[0] = ffffffff LibClamAV debug: state[1] = 00000000 LibClamAV debug: state[2] = 00000001 LibClamAV debug: state[3] = 00000001 LibClamAV debug: state[4] = 00000001 LibClamAV debug: state[5] = 00000001 LibClamAV debug: Upack: loops: 00000002 search value: 00 LibClamAV debug: Upack: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: de4f18d10798acf90ab81dc899dffb14 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 16492 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 16492 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-3eda96eaefec6194ccc34e4e7a78e7ff.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: e77295fd480b05f9d22bd9e4f86c5cf3 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 3 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1000 LibClamAV debug: SizeOfInitializedData: 0x1000 LibClamAV debug: SizeOfUninitializedData: 0x5000 LibClamAV debug: AddressOfEntryPoint: 0x6320 LibClamAV debug: BaseOfCode: 0x6000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x8000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: UPX0 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: UPX1 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x720 (1824) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: UPX: Looks like a NRV2B decompression routine LibClamAV debug: UPX: PE structure rebuilt from compressed file LibClamAV debug: UPX: Successfully decompressed LibClamAV debug: ***** Scanning decompressed file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 3b03bc19b1f39587a0650c7b6fe35d38 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 19936 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized RAR file LibClamAV debug: cache_check: 240d23b090c954b017a73850af036178 is negative LibClamAV debug: in scanrar() LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: RAR: infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: RAR: Exit code: 1 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized RAR file LibClamAV debug: cache_check: f43c0b75c55428c5e84d6b40214ead41 is negative LibClamAV debug: in scanrar() LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: RAR: infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: RAR: Exit code: 1 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 1cce7fa3d68fdb429da830618c1ebfee is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 2569 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 2569 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - fname out of file LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x200 LibClamAV debug: SizeOfInitializedData: 0x400 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x5000 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x6000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xf7 0x1000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x122 0x1000 LibClamAV debug: VirtualAddress: 0x2000 0x2000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x600 0x600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x200 0x1000 LibClamAV debug: VirtualAddress: 0x3000 0x3000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x800 0x800 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .clam LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x4000 0x4000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .WWP32 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2b7 0x1000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x400 0x400 LibClamAV debug: PointerToRawData: 0xc00 0xc00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc00 (3072) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: in wwunpack LibClamAV debug: WWP: src: 4000, szd: 18c, srcend: 188 - 0 LibClamAV debug: WWPack: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 7b8cd3dd6a198ec191afce0206665d2d is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ZIP-SFX at 20076 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ZIP/ZIP-SFX signature found at 20076 LibClamAV debug: in cli_unzip_single LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:0:2 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:0:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-04f7bcd2aa204ee46a330b4985a89fcd.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 7f8a72eb63173c80729ebb8c9999d9db is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1000 LibClamAV debug: SizeOfInitializedData: 0x1000 LibClamAV debug: SizeOfUninitializedData: 0x5000 LibClamAV debug: AddressOfEntryPoint: 0x8060 LibClamAV debug: BaseOfCode: 0x6000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xa000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: UPX0 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: UPX1 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: yC LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2000 0x2000 LibClamAV debug: VirtualAddress: 0x8000 0x8000 LibClamAV debug: SizeOfRawData: 0xc52 0xc52 LibClamAV debug: PointerToRawData: 0xc00 0xc00 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc60 (3168) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: UPX: NRV2B decompressor failed LibClamAV debug: UPX: NRV2D decompressor failed LibClamAV debug: UPX: NRV2E decompressor failed LibClamAV debug: UPX: All decompressors failed LibClamAV debug: 3,200,2923,0 LibClamAV debug: yC: offset: 0, length: b6b LibClamAV debug: yC: decrypting decryptor on sect 3 LibClamAV debug: yC: decrypting sect1 LibClamAV debug: yC: Unpacked and rebuilt executable LibClamAV debug: ***** Scanning rebuilt PE file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 8822fca1f7b0cb5506f15f8088956197 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 200 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 3 LibClamAV debug: TimeDateStamp: Mon Apr 14 11:51:53 2008 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 8 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1000 LibClamAV debug: SizeOfInitializedData: 0x1000 LibClamAV debug: SizeOfUninitializedData: 0x5000 LibClamAV debug: AddressOfEntryPoint: 0x0 LibClamAV debug: BaseOfCode: 0x6000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x8000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: UPX0 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5000 0x5000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x0 0x0 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: UPX1 LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x600 0x600 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section's memory is executable LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x7000 0x7000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0xa00 0xa00 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x0 (0) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression LibClamAV debug: UPX: no luck - scanning for PE LibClamAV debug: UPX: PE structure rebuilt from compressed file LibClamAV debug: UPX: Successfully decompressed with NRV2B LibClamAV debug: ***** Scanning decompressed file ***** LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 3b03bc19b1f39587a0650c7b6fe35d38 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 19936 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_scanembpe: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized 7zip file LibClamAV debug: cache_check: 30cc73fe9ec56e474c4d19c57ffe0546 is negative LibClamAV debug: cli_7unz: extracting clam.exe LibClamAV debug: CDBNAME:CL_TYPE_7Z:0:clam.exe:0:544:0:0:4010228989:(nil) LibClamAV debug: cli_7unz: Saving to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-015889356fd0db16ca99939792f086a7.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_7unz: completed successfully LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ARJ file LibClamAV debug: cache_check: f58327b03afd2a727c3329ba3c0947a7 is negative LibClamAV debug: in cli_scanarj() LibClamAV debug: in cli_unarj_open LibClamAV debug: Header Size: 44 LibClamAV debug: ARJ Main File Header LibClamAV debug: First Header Size: 34 LibClamAV debug: Version: 11 LibClamAV debug: Min version: 1 LibClamAV debug: Host OS: 2 LibClamAV debug: Flags: 0x10 LibClamAV debug: Security version: 0 LibClamAV debug: File type: 2 LibClamAV debug: Filename: clam.arj LibClamAV debug: Comment: LibClamAV debug: Extended header size: 0 LibClamAV debug: in cli_unarj_prepare_file LibClamAV debug: Header Size: 56 LibClamAV debug: ARJ File Header LibClamAV debug: First Header Size: 46 LibClamAV debug: Version: 11 LibClamAV debug: Min version: 1 LibClamAV debug: Host OS: 2 LibClamAV debug: Flags: 0x10 LibClamAV debug: Method: 1 LibClamAV debug: File type: 0 LibClamAV debug: File type: 232 LibClamAV debug: Compressed size: 269 LibClamAV debug: Original size: 544 LibClamAV debug: Filename: clam.exe LibClamAV debug: Comment: LibClamAV debug: Extended header size: 0 LibClamAV debug: CDBNAME:CL_TYPE_ARJ:269:clam.exe:269:544:0:1:0:(nil) LibClamAV debug: in cli_unarj_extract_file LibClamAV debug: Filename: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-acd8d71663b7b9d3fc03be556baa033f.tmp/file.uar LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ARJ: infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: ARJ: Exit code: 1 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized CPIO OLD BINARY BE file LibClamAV debug: cache_check: f418df91fafd06fde1a23269d37959b4 is negative LibClamAV debug: CPIO: -- File 1 -- LibClamAV debug: CPIO: Name: clam.exe LibClamAV debug: CPIO: Filesize: 544 LibClamAV debug: CDBNAME:CL_TYPE_CPIO_OLD:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_map_scan: [36, +544) LibClamAV debug: cli_map_scandesc: [0, +1024), [36, +544) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized CPIO OLD BINARY LE file LibClamAV debug: cache_check: 72de8ccfc183c86eadd52f5f571d0fd7 is negative LibClamAV debug: CPIO: -- File 1 -- LibClamAV debug: CPIO: Name: clam.exe LibClamAV debug: CPIO: Filesize: 544 LibClamAV debug: CDBNAME:CL_TYPE_CPIO_OLD:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_map_scan: [36, +544) LibClamAV debug: cli_map_scandesc: [0, +1024), [36, +544) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ZIP file LibClamAV debug: cache_check: 879ac518d351ac3ba22c9d54bd17174b is negative LibClamAV debug: in cli_unzip LibClamAV debug: cli_unzip: central @182 LibClamAV debug: cli_unzip: ch - flags 0 - method c - csize 15c - usize 220 - flen 8 - elen 0 - clen 0 - disk 0 - off 0 LibClamAV debug: cli_unzip: ch - fname: clam.exe LibClamAV debug: CDBNAME:CL_TYPE_ZIP:348:clam.exe:348:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:348:ef073cfd:12:1:1 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:348:clam.exe:348:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-289153294b9cedf80bd5e56296a023a9.tmp/zip.000 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS CAB file LibClamAV debug: cache_check: 05b9642706a9fc730b8371d239a9b8f9 is negative LibClamAV debug: mspack_fmap_seek() err 229 LibClamAV debug: cli_scanmscab() failed at 375 LibClamAV debug: Matched signature for file type CAB-SFX at 0 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: Descriptor[4]: CL_EFORMAT: Bad format or broken data LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS CHM file LibClamAV debug: cache_check: e938c5e5e17caf5177e5d205ae01524f is negative LibClamAV debug: mspack_fmap_seek() err 229 LibClamAV debug: cli_scanmschm() failed at 476 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: Descriptor[4]: CL_EFORMAT: Bad format or broken data LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ZIP file LibClamAV debug: cache_check: 66e86fe942aea488a6ca46d3d2c007fd is negative LibClamAV debug: in cli_unzip LibClamAV debug: cli_unzip: central @136 LibClamAV debug: cli_unzip: ch - flags 2 - method 9 - csize 110 - usize 220 - flen 8 - elen 24 - clen 0 - disk 0 - off 0 LibClamAV debug: cli_unzip: ch - fname: clam.exe LibClamAV debug: CDBNAME:CL_TYPE_ZIP:272:clam.exe:272:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:272:ef073cfd:9:1:1 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:272:clam.exe:272:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-93ccc5d74b87d1f3e235a67f49d87780.tmp/zip.000 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 6b2324ea0df473777f58ca8d59d53ea5 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 809, rva: 893c8 LibClamAV debug: cli_peheader: parsing version info @ rva 893c8 (1/1) LibClamAV debug: VersionInfo (31ee2): 'FileVersion'='3, 2, 4, 9' - VI:460069006c006500560065007200730069006f006e000000000033002c00200032002c00200034002c002000390000000000 LibClamAV debug: VersionInfo (31f1a): 'CompiledScript'='AutoIt v3 Script : 3, 2, 4, 9' - VI:43006f006d00700069006c006500640053006300720069007000740000004100750074006f0049007400200076003300200053006300720069007000740020003a00200033002c00200032002c00200034002c00200039000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type AUTOIT at 206848 LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 64 LibClamAV debug: AUTOIT signature found at 206848 LibClamAV debug: in scanautoit() LibClamAV debug: autoit: magic string '>AUTOIT UNICODE SCRIPT<' LibClamAV debug: autoit: original filename 'C:\DOCUME~1\acab\IMPOST~1\Temp\autD.tmp' LibClamAV debug: autoit: compressed size: 1112 LibClamAV debug: autoit: advertised uncompressed size 57e6 LibClamAV debug: autoit: ref chksum: 2142245d LibClamAV debug: autoit: file is compressed LibClamAV debug: autoit: uncompressed size again: 57e6 LibClamAV debug: autoit: file successfully extracted LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized UTF-16LE character data LibClamAV debug: entconv: Encoding UTF-16LE LibClamAV debug: entconv: iconv:registering atexit LibClamAV debug: entconv: Initializing iconv pool:0x5f210 LibClamAV debug: entconv: iconv not found in cache, for encoding:UTF-16LE LibClamAV debug: entconv: iconv_open(),for:UTF-16LE -> 0x5eeb0 LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 LibClamAV debug: cache_check: 144d97bc59d6944c6cf31e3fca78f432 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 144d97bc59d6944c6cf31e3fca78f432 (level 0) LibClamAV debug: autoit: magic string 'C:\clam.exe' LibClamAV debug: autoit: original filename 'C:\clam.exe' LibClamAV debug: autoit: compressed size: 132 LibClamAV debug: autoit: advertised uncompressed size 220 LibClamAV debug: autoit: ref chksum: 204d611b LibClamAV debug: autoit: file is compressed LibClamAV debug: autoit: uncompressed size again: 220 LibClamAV debug: autoit: file successfully extracted LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 21d1acd7ff5a8ff24b08d07be6f47709 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 809, rva: 9a4e8 LibClamAV debug: cli_peheader: parsing version info @ rva 9a4e8 (1/1) LibClamAV debug: VersionInfo (3d31e): 'FileVersion'='3, 2, 8, 1' - VI:460069006c006500560065007200730069006f006e000000000033002c00200032002c00200038002c002000310000000000 LibClamAV debug: VersionInfo (3d356): 'CompiledScript'='AutoIt v3 Script : 3, 2, 8, 1' - VI:43006f006d00700069006c006500640053006300720069007000740000004100750074006f0049007400200076003300200053006300720069007000740020003a00200033002c00200032002c00200038002c00200031000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type AUTOIT at 252928 LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 64 LibClamAV debug: AUTOIT signature found at 252928 LibClamAV debug: in scanautoit() LibClamAV debug: fpu: Floating point big endian detected. LibClamAV debug: autoit: magic string '>>>AUTOIT SCRIPT<<<' LibClamAV debug: autoit: original filename 'C:\DOCUME~1\acab\IMPOST~1\Temp\aut7.tmp' LibClamAV debug: autoit: compressed size: 1156 LibClamAV debug: autoit: advertised uncompressed size 4dd1 LibClamAV debug: autoit: ref chksum: f7b40440 LibClamAV debug: autoit: file is compressed LibClamAV debug: autoit: uncompressed size again: 4dd1 LibClamAV debug: autoit: script has got 331 lines LibClamAV debug: autoit: script successfully extracted LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 8903cae272bf36a778c2f361ba282d42 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 8903cae272bf36a778c2f361ba282d42 (level 0) LibClamAV debug: autoit: magic string 'C:\clam.exe' LibClamAV debug: autoit: original filename 'C:\clam.exe' LibClamAV debug: autoit: compressed size: 130 LibClamAV debug: autoit: advertised uncompressed size 220 LibClamAV debug: autoit: ref chksum: 74306db2 LibClamAV debug: autoit: file is compressed LibClamAV debug: autoit: uncompressed size again: 220 LibClamAV debug: autoit: file successfully extracted LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized BinHex file LibClamAV debug: cache_check: 2ac43b63da9af01c299936b345746126 is negative LibClamAV debug: in cli_binhex LibClamAV debug: cli_binhex: decoding 'clam.exe' - 544 bytes of data to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-b1416205fbfc9cfb4954772763d94e3b.tmp - 1 bytes or resources to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4e18c91f511314ea9c72b91497bbaca7.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized BZip file LibClamAV debug: cache_check: 6fd6a864ed39180892e6f2e75a0c497f is negative LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: Bzip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: Matched signature for file type HTML data LibClamAV debug: cache_check: 7aede91f6a4399ebc923e196ae01530f is negative LibClamAV debug: in cli_scanhtml() LibClamAV debug: cli_scanhtml: using tempdir /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-db70124d30e497c181a1d73e49dc24cf.tmp LibClamAV debug: RFC2397 data file: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-db70124d30e497c181a1d73e49dc24cf.tmp/rfc2397/clamav-bd06427204a0d156f433ad7aca27fe25.tmp LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MBox file LibClamAV debug: cache_check: f8c0f87349a4318a414ea00b11643c5b is negative LibClamAV debug: Starting cli_scanmail(), recursion = 2 LibClamAV debug: in mbox() LibClamAV debug: Extract attachments from email 1 LibClamAV debug: parseEmailHeaders LibClamAV debug: parseEmailHeaders: check 'From html-normalise' LibClamAV debug: parseEmailHeaders: check 'Content-type: application/octet-stream;base64' LibClamAV debug: parseEmailHeader 'Content-type: application/octet-stream;base64' LibClamAV debug: parseMimeHeader: cmd='Content-type', arg=' application/octet-stream;base64' LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: mimeArgs = 'base64' LibClamAV debug: Add arguments 'base64' LibClamAV debug: Can't parse header "base64" LibClamAV debug: parseEmailHeaders: check 'Content-transfer-encoding: base64' LibClamAV debug: parseEmailHeader 'Content-transfer-encoding: base64' LibClamAV debug: parseMimeHeader: cmd='Content-transfer-encoding', arg=' base64' LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 1 is "base64" LibClamAV debug: parseEmailHeaders: check '' LibClamAV debug: End of header information LibClamAV debug: newline_in_header, check "TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFiDAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExMAENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkABAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAEAAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0AEAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA==" LibClamAV debug: parseEmailHeaders: finished with headers, moving body LibClamAV debug: parseEmailHeaders: return LibClamAV debug: in parseEmailBody, 0 files saved so far LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 2 LibClamAV debug: Attachment sent with no filename LibClamAV debug: messageAddArgument, arg='name=attachment' LibClamAV debug: blobSetFilename: attachment LibClamAV debug: fileblobSetFilename: file attachment saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-659e1d3f0201a6ed01f50a3fd44666d4.tmp/clamav-24e62d0470d5cfc553f07084f0f1918d.tmp LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFiDAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExMAENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkABAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAEAAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0AEAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' LibClamAV debug: Exported 543 bytes using enctype 2 LibClamAV debug: 2 trailing bytes to export LibClamAV debug: base64chars = 2 (0 @ @) LibClamAV debug: Saving main message as attachment LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:attachment:544:544:0:0:0:(nil) LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-659e1d3f0201a6ed01f50a3fd44666d4.tmp/clamav-24e62d0470d5cfc553f07084f0f1918d.tmp is infected LibClamAV debug: fileblobDestructiveDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-659e1d3f0201a6ed01f50a3fd44666d4.tmp/clamav-24e62d0470d5cfc553f07084f0f1918d.tmp LibClamAV debug: parseEmailBody() returning 3 LibClamAV debug: cli_mbox returning 1 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MBox file LibClamAV debug: cache_check: da3221bb1a6b9547dbe894d4483c5032 is negative LibClamAV debug: Starting cli_scanmail(), recursion = 1 LibClamAV debug: in mbox() LibClamAV debug: Extract attachments from email 1 LibClamAV debug: parseEmailHeaders LibClamAV debug: parseEmailHeaders: check 'From test@example.com Thu Jul 31 13:49:50 2008' LibClamAV debug: parseEmailHeaders: check 'From: test@example.com' LibClamAV debug: parseEmailHeaders: check 'MIME-Version: 1.0' LibClamAV debug: parseEmailHeaders: check 'Content-Type: Application/Octet-Stream; name="clam.exe"' LibClamAV debug: parseEmailHeader 'Content-Type: Application/Octet-Stream; name="clam.exe"' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' Application/Octet-Stream; name="clam.exe"' LibClamAV debug: messageSetMimeType: 'Application' LibClamAV debug: mimeArgs = ' name="clam.exe"' LibClamAV debug: Add arguments ' name="clam.exe"' LibClamAV debug: messageAddArgument, arg='name=clam.exe' LibClamAV debug: parseEmailHeaders: check 'Content-Transfer-Encoding: Base64' LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: Base64' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' Base64' LibClamAV debug: messageSetEncoding: 'Base64' LibClamAV debug: Encoding type 1 is "Base64" LibClamAV debug: parseEmailHeaders: check '' LibClamAV debug: End of header information LibClamAV debug: newline_in_header, check "TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" LibClamAV debug: parseEmailHeaders: finished with headers, moving body LibClamAV debug: parseEmailHeaders: return LibClamAV debug: in parseEmailBody, 0 files saved so far LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 2 LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4608d73ba3bb32f51ded07c13133f31c.tmp/clamav-8d0e34258cdc6a6462c26f24f5b1a586.tmp LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFi' LibClamAV debug: sanitiseBase64 'DAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExM' LibClamAV debug: sanitiseBase64 'AENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkA' LibClamAV debug: sanitiseBase64 'BAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAE' LibClamAV debug: sanitiseBase64 'AAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0A' LibClamAV debug: sanitiseBase64 'EAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' LibClamAV debug: Exported 543 bytes using enctype 2 LibClamAV debug: 2 trailing bytes to export LibClamAV debug: base64chars = 2 (0 @ @) LibClamAV debug: Saving main message as attachment LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:clam.exe:544:544:0:0:0:(nil) LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4608d73ba3bb32f51ded07c13133f31c.tmp/clamav-8d0e34258cdc6a6462c26f24f5b1a586.tmp is infected LibClamAV debug: fileblobDestructiveDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4608d73ba3bb32f51ded07c13133f31c.tmp/clamav-8d0e34258cdc6a6462c26f24f5b1a586.tmp LibClamAV debug: parseEmailBody() returning 3 LibClamAV debug: cli_mbox returning 1 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MBox file LibClamAV debug: cache_check: 69a26d9c8eda12094e588f66bf85b212 is negative LibClamAV debug: Starting cli_scanmail(), recursion = 1 LibClamAV debug: in mbox() LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e91d9f7a389c454a043c1486bafae0c1.tmp/clamav-d52473c64bf2686fa9d3ae86aefe855a.tmp LibClamAV debug: uudecode clam.exe LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e91d9f7a389c454a043c1486bafae0c1.tmp/clamav-d52473c64bf2686fa9d3ae86aefe855a.tmp LibClamAV debug: Extract attachments from email 1 LibClamAV debug: parseEmailHeaders LibClamAV debug: parseEmailHeaders: check 'From test@example.com Thu Jul 31 13:51:21 2008' LibClamAV debug: parseEmailHeaders: check 'From: test@example.com' LibClamAV debug: parseEmailHeaders: check 'MIME-Version: 1.0' LibClamAV debug: parseEmailHeaders: check 'Content-Type: Application/Octet-Stream; name="clam.exe"' LibClamAV debug: parseEmailHeader 'Content-Type: Application/Octet-Stream; name="clam.exe"' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' Application/Octet-Stream; name="clam.exe"' LibClamAV debug: messageSetMimeType: 'Application' LibClamAV debug: mimeArgs = ' name="clam.exe"' LibClamAV debug: Add arguments ' name="clam.exe"' LibClamAV debug: messageAddArgument, arg='name=clam.exe' LibClamAV debug: parseEmailHeaders: check 'Content-Transfer-Encoding: x-uuencode' LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: x-uuencode' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' x-uuencode' LibClamAV debug: messageSetEncoding: 'x-uuencode' LibClamAV debug: Encoding type 1 is "x-uuencode" LibClamAV debug: parseEmailHeaders: check '' LibClamAV debug: End of header information LibClamAV debug: newline_in_header, check "e" LibClamAV debug: parseEmailHeaders: finished with headers, moving body LibClamAV debug: parseEmailHeaders: return LibClamAV debug: in parseEmailBody, 0 files saved so far LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 5 LibClamAV debug: messageExport: treat uuencode as text/plain LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 2 is "base64" LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e91d9f7a389c454a043c1486bafae0c1.tmp/clamav-46d5cb2fa810500b627b57d54babfccd.tmp LibClamAV debug: textToFileBlob to clam.exe, destroy = 0 LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e91d9f7a389c454a043c1486bafae0c1.tmp/clamav-46d5cb2fa810500b627b57d54babfccd.tmp LibClamAV debug: messageExport: enctype 1 is 2 LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e91d9f7a389c454a043c1486bafae0c1.tmp/clamav-c32fe954383d56694c5733cddf5f9eab.tmp LibClamAV debug: sanitiseBase64 'e' LibClamAV debug: Exported 0 bytes using enctype 2 LibClamAV debug: 1 trailing bytes to export LibClamAV debug: base64chars = 1 (@ @ @) LibClamAV debug: Saving main message as attachment LibClamAV debug: fileblobScan, ctx == NULL LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e91d9f7a389c454a043c1486bafae0c1.tmp/clamav-c32fe954383d56694c5733cddf5f9eab.tmp LibClamAV debug: Saving text part to scan, rc = 1 LibClamAV debug: messageAddArgument, arg='filename=textportion' LibClamAV debug: Force mime encoding to application LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: messageToFileblob LibClamAV debug: parseEmailBody() returning 1 LibClamAV debug: cli_mbox returning 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Small data (1 bytes) LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized RTF file LibClamAV debug: cache_check: 04cf3829d62e39af9ac138a38ed73117 is negative LibClamAV debug: in cli_scanrtf() LibClamAV debug: RTF: waiting for magic LibClamAV debug: RTF: description length:8 LibClamAV debug: RTF: in WAIT_DESC LibClamAV debug: Preparing to dump rtf embedded object, description:Package LibClamAV debug: RTF: next state: wait_data_size LibClamAV debug: RTF: in WAIT_DATA_SIZE LibClamAV debug: Dumping rtf embedded object of size:639 LibClamAV debug: RTF: next state: DUMP_DATA LibClamAV debug: RTF:Scanning embedded object:/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-55f05efb717a3ee409d0691a9a3fd271.tmp/clamav-050dae4dad31d4792c021d17ee9913d8.tmp LibClamAV debug: Decoding ole object LibClamAV debug: cli_decode_ole_object: decoding to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-8437048b914b96f9823ea36f4cdd5c65.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized compress.exed file LibClamAV debug: cache_check: e24d74f1524609277d2af5b497121a41 is negative LibClamAV debug: in cli_scanszdd() LibClamAV debug: MSEXPAND: File size from header: 544 LibClamAV debug: MSEXPAND: Decompressed into /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-1161d4a9882f08caca16894dbc846a7e.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ZIP file LibClamAV debug: cache_check: 0048ab72da0177e75e852bdce3fdd69e is negative LibClamAV debug: in cli_unzip LibClamAV debug: cli_unzip: central @13e LibClamAV debug: cli_unzip: ch - flags 0 - method 6 - csize 118 - usize 220 - flen 8 - elen 0 - clen 0 - disk 0 - off 0 LibClamAV debug: cli_unzip: ch - fname: CLAM.EXE LibClamAV debug: CDBNAME:CL_TYPE_ZIP:280:CLAM.EXE:280:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: lh - ZMDNAME:0:CLAM.EXE:544:280:ef073cfd:6:1:1 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:280:CLAM.EXE:280:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-c6931601e7b54b04abc17d50f9a9c750.tmp/zip.000 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 2ede2afebefe66b71744584bbfd004c9 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: Matched signature for file type ISO9660 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ISO9660 signature found at 32768 LibClamAV debug: in cli_scaniso LibClamAV debug: cli_scaniso: Raw sector size: 2048 LibClamAV debug: cli_scaniso: Block size: 2048 LibClamAV debug: cli_scaniso: Volume descriptor version: 1 LibClamAV debug: cli_scaniso: System: LINUX LibClamAV debug: cli_scaniso: Volume: CDROM LibClamAV debug: cli_scaniso: Volume space size: 0xb0 blocks LibClamAV debug: cli_scaniso: Volume 1 of 1 LibClamAV debug: cli_scaniso: Volume Set: LibClamAV debug: cli_scaniso: Publisher: LibClamAV debug: cli_scaniso: Data Preparer: LibClamAV debug: cli_scaniso: Application: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM LibClamAV debug: cli_scaniso: Volume creation time: 2011-11-22 19:06:50 LibClamAV debug: cli_scaniso: Volume modification time: 2011-11-22 19:06:50 LibClamAV debug: cli_scaniso: Volume expiration time: 0000-00-00 00:00:00 LibClamAV debug: cli_scaniso: Volume effective time: 2011-11-22 19:06:50 LibClamAV debug: cli_scaniso: Path table size: 0x16 LibClamAV debug: cli_scaniso: LSB Path Table: 0x13 LibClamAV debug: cli_scaniso: Opt LSB Path Table: 0x0 LibClamAV debug: cli_scaniso: MSB Path Table: 0x15 LibClamAV debug: cli_scaniso: Opt MSB Path Table: 0x0 LibClamAV debug: cli_scaniso: File Structure Version: 1 LibClamAV debug: iso_parse_dir: Directory 'DIR': off 18 - size 800 - flags 2 - unit size 0 - gap size 0 - volume 1 LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:2048:DIR:2048:2048:0:0:0:(nil) LibClamAV debug: iso_parse_dir: File 'CLAM.EXE': off 19 - size 220 - flags 0 - unit size 0 - gap size 0 - volume 1 LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:544:CLAM.EXE:544:544:0:0:0:(nil) LibClamAV debug: iso_scan_file: dumping to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4e2ea54f4c5b6c348b0fa55f39bd61bf.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 1024 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized Exim mail file LibClamAV debug: cache_check: a57a8f14a6d5a0ec8d373d646ce1f88a is negative LibClamAV debug: Starting cli_scanmail(), recursion = 1 LibClamAV debug: in mbox() LibClamAV debug: parseEmailFile LibClamAV debug: parseEmailFile: check 'From: ClamAV' fullline (nil) LibClamAV debug: parseEmailFile: check 'To: ClamAV' fullline (nil) LibClamAV debug: parseEmailFile: check 'Subject: ClamAV Test File' fullline (nil) LibClamAV debug: parseEmailFile: check 'Message-ID: <20080603232833.1aeaf8f1@ClamAV>' fullline (nil) LibClamAV debug: parseEmailFile: check 'Organization: ClamAV' fullline (nil) LibClamAV debug: parseEmailFile: check 'Mime-Version: 1.0' fullline (nil) LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' fullline (nil) LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed; boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' LibClamAV debug: messageSetMimeType: 'multipart' LibClamAV debug: mimeArgs = ' boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' LibClamAV debug: Add arguments ' boundary="MP_/6OvrPH9HEPZRUCVu6uT=Fey"' LibClamAV debug: messageAddArgument, arg='boundary=MP_/6OvrPH9HEPZRUCVu6uT=Fey' LibClamAV debug: parseEmailFile: check '' fullline (nil) LibClamAV debug: End of header information LibClamAV debug: newline_in_header, check "--MP_/6OvrPH9HEPZRUCVu6uT=Fey" LibClamAV debug: getline_from_mbox: fmap need failed LibClamAV debug: parseEmailFile: return LibClamAV debug: in parseEmailBody, 0 files saved so far LibClamAV debug: Parsing mail file LibClamAV debug: mimeType = 5 LibClamAV debug: Content-type 'multipart' handler LibClamAV debug: boundaryStart: found MP_/6OvrPH9HEPZRUCVu6uT=Fey in --MP_/6OvrPH9HEPZRUCVu6uT=Fey LibClamAV debug: Now read in part 0 LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: text/plain; charset=US-ASCII' LibClamAV debug: parseEmailHeader 'Content-Type: text/plain; charset=US-ASCII' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' text/plain; charset=US-ASCII' LibClamAV debug: messageSetMimeType: 'text' LibClamAV debug: mimeArgs = ' charset=US-ASCII' LibClamAV debug: Add arguments ' charset=US-ASCII' LibClamAV debug: messageAddArgument, arg='charset=US-ASCII' LibClamAV debug: Discarding unwanted argument 'charset=US-ASCII' LibClamAV debug: Multipart 0: About to parse folded header 'Content-Transfer-Encoding: 7bit' LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: 7bit' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' 7bit' LibClamAV debug: messageSetEncoding: '7bit' LibClamAV debug: Encoding type 1 is "7bit" LibClamAV debug: Multipart 0: About to parse folded header 'Content-Disposition: inline' LibClamAV debug: parseEmailHeader 'Content-Disposition: inline' LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' inline' LibClamAV debug: messageAddArgument, arg='filename=unknown' LibClamAV debug: Multipart 0: End of header information LibClamAV debug: boundaryStart: found MP_/6OvrPH9HEPZRUCVu6uT=Fey in --MP_/6OvrPH9HEPZRUCVu6uT=Fey LibClamAV debug: Part 0 has 1 lines, rc = 1 LibClamAV debug: Mixed message part 0 is of type 6 LibClamAV debug: Mixed message text part disposition "inline" LibClamAV debug: Mime subtype "plain" LibClamAV debug: Treating inline as attachment LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 0 LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 2 is "base64" LibClamAV debug: blobSetFilename: unknown LibClamAV debug: fileblobSetFilename: file unknown saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7fa1a56b95eb148fdf8091b9c63ee58c.tmp/clamav-f0fe4fedafefd8c9ba4ba2b15b0effd9.tmp LibClamAV debug: textToFileBlob to unknown, destroy = 0 LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7fa1a56b95eb148fdf8091b9c63ee58c.tmp/clamav-f0fe4fedafefd8c9ba4ba2b15b0effd9.tmp LibClamAV debug: messageExport: enctype 1 is 2 LibClamAV debug: blobSetFilename: unknown LibClamAV debug: fileblobSetFilename: file unknown saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7fa1a56b95eb148fdf8091b9c63ee58c.tmp/clamav-7b1507e8b4a07edbe09692a7be188603.tmp LibClamAV debug: sanitiseBase64 'This is a ClamAV test file with embedded clam.exe' LibClamAV debug: Exported 30 bytes using enctype 2 LibClamAV debug: CDBNAME:CL_TYPE_MAIL:30:unknown:30:30:0:0:0:(nil) LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 8fe7d75a1adb2d661f9f622b32fb503b is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 8fe7d75a1adb2d661f9f622b32fb503b (level 0) LibClamAV debug: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7fa1a56b95eb148fdf8091b9c63ee58c.tmp/clamav-7b1507e8b4a07edbe09692a7be188603.tmp is clean LibClamAV debug: fileblobDestructiveDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7fa1a56b95eb148fdf8091b9c63ee58c.tmp/clamav-7b1507e8b4a07edbe09692a7be188603.tmp LibClamAV debug: Now read in part 0 LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type: application/x-ms-dos-executable; name=clam.exe' LibClamAV debug: parseEmailHeader 'Content-Type: application/x-ms-dos-executable; name=clam.exe' LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' application/x-ms-dos-executable; name=clam.exe' LibClamAV debug: messageSetMimeType: 'application' LibClamAV debug: mimeArgs = ' name=clam.exe' LibClamAV debug: Add arguments ' name=clam.exe' LibClamAV debug: messageAddArgument, arg='name=clam.exe' LibClamAV debug: Multipart 0: About to parse folded header 'Content-Transfer-Encoding: base64' LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: base64' LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' base64' LibClamAV debug: messageSetEncoding: 'base64' LibClamAV debug: Encoding type 1 is "base64" LibClamAV debug: Multipart 0: About to parse folded header 'Content-Disposition: attachment; filename=clam.exe' LibClamAV debug: parseEmailHeader 'Content-Disposition: attachment; filename=clam.exe' LibClamAV debug: parseMimeHeader: cmd='Content-Disposition', arg=' attachment; filename=clam.exe' LibClamAV debug: messageAddArgument, arg='filename=clam.exe' LibClamAV debug: Multipart 0: End of header information LibClamAV debug: Part 0 has 11 lines, rc = 1 LibClamAV debug: Mixed message part 0 is of type 1 LibClamAV debug: messageToFileblob LibClamAV debug: messageExport: numberOfEncTypes == 1 LibClamAV debug: messageExport: enctype 0 is 2 LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7fa1a56b95eb148fdf8091b9c63ee58c.tmp/clamav-c11d4af7a6f8b59ca220864237ab81cf.tmp LibClamAV debug: sanitiseBase64 'TVpQAAIAAAAEAA8A//8AALgAAAAhAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAEAALtxEEAAM8BQUIvzU1NQsClAMARmrHn5ujEAeA2tUP9mcA4fvjEA6eX/tAnNIbRMzSFi' LibClamAV debug: sanitiseBase64 'DAoBAnB2FwIeTgwEL9rMEAAAAAAAAAAAAAAAAAAAwBAAAIAQAAAAAAAAAAAAAAAAAADaEAAA9BAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAABFeGl0UHJvY2VzcwBVU0VSMzIuRExM' LibClamAV debug: sanitiseBase64 'AENMQU1lc3NhZ2VCb3hBAOYQAAAAAAAAPz8/P1BFAABMAQEAYUNhQgAAAAAAAAAA4ACOgQsBAhkA' LibClamAV debug: sanitiseBase64 'BAAAAAYAAAAAAABAEAAAABAAAEAAAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAACAAAAAE' LibClamAV debug: sanitiseBase64 'AAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhBAAAIAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' LibClamAV debug: sanitiseBase64 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0NMQU1BVl0A' LibClamAV debug: sanitiseBase64 'EAAAABAAAAACAAABAAAAAAAAAAAAAAAAAAAAAAAAwA' LibClamAV debug: Exported 543 bytes using enctype 2 LibClamAV debug: 2 trailing bytes to export LibClamAV debug: base64chars = 2 (0 @ @) LibClamAV debug: CDBNAME:CL_TYPE_MAIL:544:clam.exe:544:544:0:0:0:(nil) LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7fa1a56b95eb148fdf8091b9c63ee58c.tmp/clamav-c11d4af7a6f8b59ca220864237ab81cf.tmp is infected LibClamAV debug: fileblobDestructiveDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7fa1a56b95eb148fdf8091b9c63ee58c.tmp/clamav-c11d4af7a6f8b59ca220864237ab81cf.tmp LibClamAV debug: The message has 0 parts LibClamAV debug: cli_mbox returning 1 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized CPIO NEWC file LibClamAV debug: cache_check: 0ad868ed626c3cdcd924d83d1dd85ead is negative LibClamAV debug: CPIO: -- File 1 -- LibClamAV debug: CPIO: Name: clam.exe LibClamAV debug: CPIO: Filesize: 544 LibClamAV debug: CDBNAME:CL_TYPE_CPIO_NEWC:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_map_scan: [120, +544) LibClamAV debug: cli_map_scandesc: [0, +1024), [120, +544) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized CPIO ODC file LibClamAV debug: cache_check: b874713310858f4299be1b41d31e4674 is negative LibClamAV debug: CPIO: -- File 1 -- LibClamAV debug: CPIO: Name: clam.exe LibClamAV debug: CPIO: Filesize: 544 LibClamAV debug: CDBNAME:CL_TYPE_CPIO_ODC:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_map_scan: [85, +544) LibClamAV debug: cli_map_scandesc: [0, +1024), [85, +544) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized OLE2 container file LibClamAV debug: cache_check: 72f471de3952aa10e0c729443ad7f65e is negative LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 LibClamAV debug: CLSID: {0000-00-00-00-000000} LibClamAV debug: Minor version: 0x3e LibClamAV debug: DLL version: 0x3 LibClamAV debug: Byte Order: -2 LibClamAV debug: Big Block Size: 9 LibClamAV debug: Small Block Size: 6 LibClamAV debug: BAT count: 1 LibClamAV debug: Prop start: 18 LibClamAV debug: SBAT cutoff: 4096 LibClamAV debug: SBat start: 20 LibClamAV debug: SBat block count: 1 LibClamAV debug: XBat start: -2 LibClamAV debug: XBat block count: 0 LibClamAV debug: LibClamAV debug: Max block number: 248 LibClamAV debug: OLE2: VBA project found LibClamAV debug: OLE2: root entry [root] b size:0x00000f80 flags:0x00000000 LibClamAV debug: OLE2: _5_summaryinformation [file] b size:0x0000019c flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_summaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/8f77ea59a4794f91b39913db2e55f3fc_0' LibClamAV debug: OLE2: _5_documentsummaryinformation [file] b size:0x0000011c flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_documentsummaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/c94e3926fdf7b9e624cba640b87b17a8_0' LibClamAV debug: OLE2: worddocument [file] b size:0x0000102e flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'worddocument' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/126ea3fd0ff7f18c9c5eec0c07398c49_0' LibClamAV debug: OLE2: 1table [file] r size:0x00000847 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '1table' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/0e2af3cf7b22050354734d7eb56b80d3_0' LibClamAV debug: OLE2: objectpool [dir ] b size:0x00000000 flags:0x00000000 LibClamAV debug: OLE2 dir entry: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/000003 LibClamAV debug: OLE2: _1279313719 [dir ] b size:0x00000000 flags:0x00000000 LibClamAV debug: OLE2 dir entry: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/000003/000004 LibClamAV debug: OLE2: _1_compobj [file] b size:0x00000052 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/000003/000004/88144fbcb62650fa72c360688f4772c7_0' LibClamAV debug: OLE2: _3_objinfo [file] b size:0x00000006 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_3_objinfo' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/000003/000004/b716b79df7921f86c7532913ba9e5562_0' LibClamAV debug: OLE2: _1_ole10native [file] r size:0x00000255 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole10native' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/000003/000004/e74f5f7bbf0b77708bc591157d708d3d_0' LibClamAV debug: OLE2: _1_ole [file] b size:0x00000014 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/000003/000004/4d5f109dc1c0609112df3a2e6f747fea_0' LibClamAV debug: OLE2: _1_compobj [file] r size:0x00000075 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/88144fbcb62650fa72c360688f4772c7_1' LibClamAV debug: OLE2: data [file] b size:0x00001000 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'data' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/8d777f385d3dfec8815d20f7496026dc_0' LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp LibClamAV debug: wm_readdir: macro offset: 0x41c0000 LibClamAV debug: wm_readdir: macro len: 0x160000 LibClamAV debug: wm_readdir: read macro_info failed LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/000003 LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-130f90674991ebb12b9fa2b6fff8be4e.tmp/000003/000004 LibClamAV debug: cli_decode_ole_object: decoding to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-afa780ea19c83dadc2932f30ba8e480f.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized PDF document file LibClamAV debug: cache_check: f6a7821809bff648e8dbd72f027f3850 is negative LibClamAV debug: in cli_pdf(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-603a072662f65e2c639dcaa316b83891.tmp) LibClamAV debug: cli_pdf: did not find valid xref LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_pdf: found 1 0 obj @26 LibClamAV debug: cli_pdf: found 2 0 obj @100 LibClamAV debug: cli_pdf: found 3 0 obj @270 LibClamAV debug: cli_pdf: found 4 0 obj @338 LibClamAV debug: cli_pdf: found 5 0 obj @1719 LibClamAV debug: cli_pdf: found 6 0 obj @1925 LibClamAV debug: cli_pdf: found 7 0 obj @1963 LibClamAV debug: cli_pdf: found 8 0 obj @2016 LibClamAV debug: cli_pdf: found 9 0 obj @2054 LibClamAV debug: cli_pdf: found 10 0 obj @2484 LibClamAV debug: cli_pdf: found 11 0 obj @2773 LibClamAV debug: cli_pdf: found 12 0 obj @5181 LibClamAV debug: cli_pdf: found 13 0 obj @5283 LibClamAV debug: cli_pdf: found 14 0 obj @5308 LibClamAV debug: cli_pdf: found 15 0 obj @5729 LibClamAV debug: cli_pdf: found 16 0 obj @6391 LibClamAV debug: cli_pdf: found 17 0 obj @6474 LibClamAV debug: cli_pdf: 1 0 obj flags: 02 LibClamAV debug: cli_pdf: 2 0 obj flags: 02 LibClamAV debug: cli_pdf: 3 0 obj flags: 02 LibClamAV debug: cli_pdf: 4 0 obj flags: 03 LibClamAV debug: cli_pdf: found Contents stored in indirect object 14 0 LibClamAV debug: cli_pdf: 5 0 obj flags: 800002 LibClamAV debug: cli_pdf: 6 0 obj flags: 02 LibClamAV debug: cli_pdf: 7 0 obj flags: 02 LibClamAV debug: cli_pdf: 8 0 obj flags: 02 LibClamAV debug: cli_pdf: 9 0 obj flags: 02 LibClamAV debug: cli_pdf: 10 0 obj flags: 20002 LibClamAV debug: cli_pdf: 11 0 obj flags: 10023 LibClamAV debug: cli_pdf: 12 0 obj flags: 02 LibClamAV debug: cli_pdf: 13 0 obj: no dictionary LibClamAV debug: cli_pdf: 14 0 obj flags: 1010023 LibClamAV debug: cli_pdf: 15 0 obj flags: 07 LibClamAV debug: cli_pdf: 16 0 obj flags: 02 LibClamAV debug: cli_pdf: 17 0 obj flags: 1000002 LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_pdf: (parsed hooks) returned 0 LibClamAV debug: pdf_extract_obj: obj 1 0 LibClamAV debug: pdf_extract_obj: obj 2 0 LibClamAV debug: pdf_extract_obj: obj 3 0 LibClamAV debug: pdf_extract_obj: obj 4 0 LibClamAV debug: cli_pdf: dumping obj 4 0 LibClamAV debug: -------------EXPERIMENTAL------------- LibClamAV debug: cli_pdf: /DecodeParms not found in dict LibClamAV debug: cli_pdf: /DP not found in dict LibClamAV debug: cli_pdf: detected 0 applied filters LibClamAV debug: cli_pdf: no non-forced filters decoded, returning raw stream LibClamAV debug: -------------EXPERIMENTAL------------- LibClamAV debug: cli_pdf: extracted 1287 bytes 4 0 obj LibClamAV debug: ... to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-603a072662f65e2c639dcaa316b83891.tmp/pdf00 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: afeb29d29db00e7b0a56c1095a45152c is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: afeb29d29db00e7b0a56c1095a45152c (level 0) LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: pdf_extract_obj: obj 5 0 LibClamAV debug: pdf_extract_obj: obj 6 0 LibClamAV debug: pdf_extract_obj: obj 7 0 LibClamAV debug: pdf_extract_obj: obj 8 0 LibClamAV debug: pdf_extract_obj: obj 9 0 LibClamAV debug: pdf_extract_obj: obj 10 0 LibClamAV debug: pdf_extract_obj: obj 11 0 LibClamAV debug: cli_pdf: dumping obj 11 0 LibClamAV debug: -------------EXPERIMENTAL------------- LibClamAV debug: cli_pdf: /DecodeParms not found in dict LibClamAV debug: cli_pdf: /DP not found in dict LibClamAV debug: cli_pdf: detected 1 applied filters LibClamAV debug: cli_pdf: decoding [5] => FLATEDECODE LibClamAV debug: cli_pdf: inflated 2957 bytes from 2305 total bytes (0 bytes remaining) LibClamAV debug: -------------EXPERIMENTAL------------- LibClamAV debug: cli_pdf: extracted 2957 bytes 11 0 obj LibClamAV debug: ... to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-603a072662f65e2c639dcaa316b83891.tmp/pdf01 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 00caa7c99f05f5c47d95c516d38c6f1e is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 00caa7c99f05f5c47d95c516d38c6f1e (level 0) LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: pdf_extract_obj: obj 12 0 LibClamAV debug: pdf_extract_obj: obj 13 0 LibClamAV debug: pdf_extract_obj: obj 14 0 LibClamAV debug: cli_pdf: dumping obj 14 0 LibClamAV debug: cli_pdf: length is in indirect object 13 0 LibClamAV debug: -------------EXPERIMENTAL------------- LibClamAV debug: cli_pdf: /DecodeParms not found in dict LibClamAV debug: cli_pdf: /DP not found in dict LibClamAV debug: cli_pdf: detected 1 applied filters LibClamAV debug: cli_pdf: decoding [5] => FLATEDECODE LibClamAV debug: cli_pdf: inflated 662 bytes from 334 total bytes (0 bytes remaining) LibClamAV debug: -------------EXPERIMENTAL------------- LibClamAV debug: cli_pdf: extracted 662 bytes 14 0 obj LibClamAV debug: ... to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-603a072662f65e2c639dcaa316b83891.tmp/pdf02 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: d6ceddd633b1dcc23e459f9579bde3b5 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: d6ceddd633b1dcc23e459f9579bde3b5 (level 0) LibClamAV debug: Bytecode executing hook id 258 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_pdf: dumping contents 14 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 33af3356d8761430f7c7c76d93613f9a is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 33af3356d8761430f7c7c76d93613f9a (level 0) LibClamAV debug: pdf_extract_obj: obj 15 0 LibClamAV debug: cli_pdf: dumping obj 15 0 LibClamAV debug: -------------EXPERIMENTAL------------- LibClamAV debug: cli_pdf: /DecodeParms not found in dict LibClamAV debug: cli_pdf: /DP not found in dict LibClamAV debug: cli_pdf: detected 0 applied filters LibClamAV debug: cli_pdf: no non-forced filters decoded, returning raw stream LibClamAV debug: -------------EXPERIMENTAL------------- LibClamAV debug: cli_pdf: extracted 544 bytes 15 0 obj LibClamAV debug: ... to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-603a072662f65e2c639dcaa316b83891.tmp/pdf03 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_pdf: returning 1 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized OLE2 container file LibClamAV debug: cache_check: 5cc36bead5044641bf74a209721220df is negative LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 LibClamAV debug: CLSID: {0000-00-00-00-000000} LibClamAV debug: Minor version: 0x3e LibClamAV debug: DLL version: 0x3 LibClamAV debug: Byte Order: -2 LibClamAV debug: Big Block Size: 9 LibClamAV debug: Small Block Size: 6 LibClamAV debug: BAT count: 1 LibClamAV debug: Prop start: 1 LibClamAV debug: SBAT cutoff: 4096 LibClamAV debug: SBat start: 2 LibClamAV debug: SBat block count: 1 LibClamAV debug: XBat start: -2 LibClamAV debug: XBat block count: 0 LibClamAV debug: LibClamAV debug: Max block number: 520 LibClamAV debug: OLE2: VBA project found LibClamAV debug: OLE2: root entry [root] r size:0x00000c80 flags:0x00000000 LibClamAV debug: OLE2: _5_summaryinformation [file] b size:0x00005500 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_summaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a66392502470188b7a91ca9f4bd159c9.tmp/8f77ea59a4794f91b39913db2e55f3fc_0' LibClamAV debug: OLE2: powerpoint document [file] b size:0x0000143e flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'powerpoint document' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a66392502470188b7a91ca9f4bd159c9.tmp/87320d137f01f7b183eb533a1de6c62a_0' LibClamAV debug: OLE2: _5_documentsummaryinformation [file] r size:0x00000238 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_5_documentsummaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a66392502470188b7a91ca9f4bd159c9.tmp/c94e3926fdf7b9e624cba640b87b17a8_0' LibClamAV debug: OLE2: pictures [file] b size:0x000009ce flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'pictures' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a66392502470188b7a91ca9f4bd159c9.tmp/9ed98e5c3e9685aa3de82c99009a2ed3_0' LibClamAV debug: OLE2: current user [file] r size:0x0000002c flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping 'current user' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a66392502470188b7a91ca9f4bd159c9.tmp/031e0a965ce78208b44b47340128ed45_0' LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a66392502470188b7a91ca9f4bd159c9.tmp LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x0f LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x03e8 LibClamAV debug: length: 0x000004dc LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x0f LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x03f8 LibClamAV debug: length: 0x00000a46 LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x0f LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x03ee LibClamAV debug: length: 0x0000020c LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x00 LibClamAV debug: instance: 0x01 LibClamAV debug: type: 0x1011 LibClamAV debug: length: 0x000002b0 LibClamAV debug: length: 684 LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x00 LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x1772 LibClamAV debug: length: 0x00000014 LibClamAV debug: in ppt_read_atom_header LibClamAV debug: version: 0x00 LibClamAV debug: instance: 0x00 LibClamAV debug: type: 0x0ff5 LibClamAV debug: length: 0x0000001c LibClamAV debug: in ppt_read_atom_header LibClamAV debug: read ppt_header failed LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized OLE2 container file LibClamAV debug: cache_check: 34bbee039661ffefe723e4c053c4349e is negative LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 LibClamAV debug: CLSID: {0000-00-00-00-000000} LibClamAV debug: Minor version: 0x3e LibClamAV debug: DLL version: 0x3 LibClamAV debug: Byte Order: -2 LibClamAV debug: Big Block Size: 9 LibClamAV debug: Small Block Size: 6 LibClamAV debug: BAT count: 1 LibClamAV debug: Prop start: 2 LibClamAV debug: SBAT cutoff: 4096 LibClamAV debug: SBat start: 4 LibClamAV debug: SBat block count: 1 LibClamAV debug: XBat start: -2 LibClamAV debug: XBat block count: 0 LibClamAV debug: LibClamAV debug: Max block number: 56 LibClamAV debug: OLE2: VBA project found LibClamAV debug: OLE2: root entry [root] r size:0x000003c0 flags:0x00000000 LibClamAV debug: OLE2: _1_ole10native [file] b size:0x00000307 flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_ole10native' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-c4fd3d01e9dcc4bb59eaa37596db5478.tmp/e74f5f7bbf0b77708bc591157d708d3d_0' LibClamAV debug: OLE2: _1_compobj [file] r size:0x0000004c flags:0x00000000 LibClamAV debug: OLE2 [handler_writefile]: Dumping '_1_compobj' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-c4fd3d01e9dcc4bb59eaa37596db5478.tmp/88144fbcb62650fa72c360688f4772c7_0' LibClamAV debug: VBADir: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-c4fd3d01e9dcc4bb59eaa37596db5478.tmp LibClamAV debug: cli_decode_ole_object: decoding to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a94c446c4b820bed07f8b02d94d50310.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized binary data LibClamAV debug: Matched signature for file type SIS at 8 LibClamAV debug: cache_check: 9af10e8bc42125f1b471a69e0104e09e is negative LibClamAV debug: in scansis() LibClamAV debug: SIS: UIDS 1000000 10003a12 10000419 - 73854f24 LibClamAV debug: SIS: Application name: LibClamAV debug: Name (UK English - @146, len 8) LibClamAV debug: SIS: Provides: LibClamAV debug: Name (UK English - @146, len 8) LibClamAV debug: SIS: Depends on: LibClamAV debug: UID: 101f6f88 v. 0.0.0 aka: LibClamAV debug: Series60ProductID (UK English - @124, len 34) LibClamAV debug: SIS: Package is compressed LibClamAV debug: SIS: Pkgtype: 0 LibClamAV debug: SIS: File details: Options: 0 Type: simple LibClamAV debug: Original filename: C:\Users\zolw\AppData\Local\Temp\MKS0\clam.exe LibClamAV debug: Installed to: !:\clam.exe LibClamAV debug: Unpacking lang#0 - ptr:14e csize:106 osize:220 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 4e05da42c0edfad9adc8103c1319a39f is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: d67efc70fcf79eca10063916930e446f is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-198fb8ff2e020b40178fc2c82c292668.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 6032, [13620 in octal] LibClamAV debug: cli_untar: Checksum 6032 is valid. LibClamAV debug: cli_untar: size = 40 LibClamAV debug: cli_untar: skipping entry LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: Candidate checksum = 5489, [12561 in octal] LibClamAV debug: cli_untar: Checksum 5489 is valid. LibClamAV debug: cli_untar: size = 544 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-198fb8ff2e020b40178fc2c82c292668.tmp/tar01 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: cli_untar: pos = 2560 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized TNEF file LibClamAV debug: cache_check: 9417e3d9e9e227fc029204a23d2b5bf1 is negative LibClamAV debug: message tag 0x9006, type 0x8, length 4 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9006, type 0x8, length 4 LibClamAV debug: message tag 0x9007, type 0x6, length 8 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9007, type 0x6, length 8 LibClamAV debug: message tag 0x8008, type 0x7, length 24 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x8008, type 0x7, length 24 LibClamAV debug: message tag 0x800d, type 0x4, length 2 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x800d, type 0x4, length 2 LibClamAV debug: message tag 0x8004, type 0x1, length 48 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x8004, type 0x1, length 48 LibClamAV debug: message tag 0x9, type 0x4, length 2 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9, type 0x4, length 2 LibClamAV debug: message tag 0x8006, type 0x3, length 14 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x8006, type 0x3, length 14 LibClamAV debug: message tag 0x8020, type 0x2, length 52 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x8020, type 0x2, length 52 LibClamAV debug: message tag 0x9004, type 0x6, length 124 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9004, type 0x6, length 124 LibClamAV debug: message tag 0x9003, type 0x6, length 2892 LibClamAV debug: TNEF - found message LibClamAV debug: message tag 0x9003, type 0x6, length 2892 LibClamAV debug: message tag 0x9002, type 0x6, length 14 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x9002, type 0x6, length 14 LibClamAV debug: TNEF - unsupported attachment tag 0x9002 type 0x6 length 14 LibClamAV debug: message tag 0x8013, type 0x3, length 14 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x8013, type 0x3, length 14 LibClamAV debug: TNEF - unsupported attachment tag 0x8013 type 0x3 length 14 LibClamAV debug: message tag 0x800f, type 0x6, length 544 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x800f, type 0x6, length 544 LibClamAV debug: message tag 0x8010, type 0x1, length 9 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x8010, type 0x1, length 9 LibClamAV debug: TNEF filename clam.exe LibClamAV debug: blobSetFilename: clam.exe LibClamAV debug: fileblobSetFilename: file clam.exe saved to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-f2996ec9fb4d51c4fe29a98b090452d8.tmp/clamav-17435abe1c9d10b7ec261814bdec6a98.tmp LibClamAV debug: message tag 0x8011, type 0x6, length 5624 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x8011, type 0x6, length 5624 LibClamAV debug: TNEF - unsupported attachment tag 0x8011 type 0x6 length 5624 LibClamAV debug: message tag 0x9005, type 0x6, length 180 LibClamAV debug: TNEF - found attachment LibClamAV debug: attachment tag 0x9005, type 0x6, length 180 LibClamAV debug: TNEF - unsupported attachment tag 0x9005 type 0x6 length 180 LibClamAV debug: tnef_header: ignoring trailing newline LibClamAV debug: cli_tnef: flushing final data LibClamAV debug: fileblobDestroy: /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-f2996ec9fb4d51c4fe29a98b090452d8.tmp/clamav-17435abe1c9d10b7ec261814bdec6a98.tmp LibClamAV debug: cli_tnef: returning 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ZIP file LibClamAV debug: cache_check: 37ee24a41abc0fdbe8ee342ededf33ef is negative LibClamAV debug: in cli_unzip LibClamAV debug: cli_unzip: central @13b LibClamAV debug: cli_unzip: ch - flags 0 - method 8 - csize 100 - usize 220 - flen 8 - elen d - clen 0 - disk 0 - off 0 LibClamAV debug: cli_unzip: ch - fname: clam.exe LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: lh - ZMDNAME:0:clam.exe:544:256:ef073cfd:8:1:1 LibClamAV debug: CDBNAME:CL_TYPE_ZIP:256:clam.exe:256:544:0:1:4010228989:(nil) LibClamAV debug: cli_unzip: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-00b38d46fadc2b95ff66c8157502f9f3.tmp/zip.000 LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: a54c20ccd89a41329f3feeca0df4a8b3 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type CAB-SFX at 476556 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 115236 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: e7d69e3a0825c65b215b0ed482a3f089 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type CAB-SFX at 361320 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: CAB/CAB-SFX signature found at 361320 LibClamAV debug: mspack_fmap_seek() err 229 LibClamAV debug: cli_scanmscab() failed at 375 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: Descriptor[5]: Continuing after cli_scanraw error CL_EFORMAT: Bad format or broken data LibClamAV debug: e_lfanew == 256 LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 1 LibClamAV debug: TimeDateStamp: Sat Apr 16 18:54:57 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 2 LibClamAV debug: MinorLinkerVersion: 25 LibClamAV debug: SizeOfCode: 0x400 LibClamAV debug: SizeOfInitializedData: 0x600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x1040 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 3 LibClamAV debug: MinorSubsystemVersion: 10 LibClamAV debug: SizeOfImage: 0x2000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: [CLAMAV] LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1000 0x1000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x200 0x200 LibClamAV debug: PointerToRawData: 0x1 0x0 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x40 (64) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: e7d69e3a0825c65b215b0ed482a3f089 (level 0) LibClamAV debug: e_lfanew == 232 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10a00 LibClamAV debug: SizeOfInitializedData: 0xb600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0xce17 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1091e 0x11000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17f0 0x2000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x1800 0x1800 LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17c4 0x2000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x1600 0x1600 LibClamAV debug: PointerToRawData: 0x12600 0x12600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8420 0x9000 LibClamAV debug: VirtualAddress: 0x16000 0x16000 LibClamAV debug: SizeOfRawData: 0x8600 0x8600 LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc217 (49687) LibClamAV debug: ishield: @1c224 found file clam.exe (Disk1\clam.exe) - version 0.0.0.0 - size 544 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:544:clam.exe:544:544:0:0:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-efe4438394d2256d4f6c97508148d268.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 235bb0bcf01b767d5cf5570027c93f6b is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type CAB-SFX at 471993 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: CAB/CAB-SFX signature found at 471993 LibClamAV debug: mspack_fmap_seek() err 229 LibClamAV debug: cli_scanmscab() failed at 375 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: *** Detected embedded PE file at 1016015 *** LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: a63fe77037d042c8690ed49557977a8c is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: e_lfanew == 232 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10a00 LibClamAV debug: SizeOfInitializedData: 0xb600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0xce17 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1091e 0x11000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17f0 0x2000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x1800 0x1800 LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17c4 0x2000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x1600 0x1600 LibClamAV debug: PointerToRawData: 0x12600 0x12600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8420 0x9000 LibClamAV debug: VirtualAddress: 0x16000 0x16000 LibClamAV debug: SizeOfRawData: 0x8600 0x8600 LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc217 (49687) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: a63fe77037d042c8690ed49557977a8c (level 0) LibClamAV debug: e_lfanew == 232 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10a00 LibClamAV debug: SizeOfInitializedData: 0xb600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0xce17 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1091e 0x11000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17f0 0x2000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x1800 0x1800 LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17c4 0x2000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x1600 0x1600 LibClamAV debug: PointerToRawData: 0x12600 0x12600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8420 0x9000 LibClamAV debug: VirtualAddress: 0x16000 0x16000 LibClamAV debug: SizeOfRawData: 0x8600 0x8600 LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc217 (49687) LibClamAV debug: ishield: @1c229 found file data1.cab (Disk1\data1.cab) - version 0.0.0.0 - size 345386 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:345386:data1.cab:345386:345386:0:0:0:(nil) LibClamAV debug: ishield: added data1.cab to array LibClamAV debug: ishield: @7077b found file data1.hdr (Disk1\data1.hdr) - version 0.0.0.0 - size 10471 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:10471:data1.hdr:10471:10471:0:1:0:(nil) LibClamAV debug: ishield: added data1.hdr to array LibClamAV debug: ishield: @73088 found file data2.cab (Disk1\data2.cab) - version 0.0.0.0 - size 770 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:770:data2.cab:770:770:0:2:0:(nil) LibClamAV debug: ishield: added data2.cab to array LibClamAV debug: ishield: @733b9 found file engine32.cab (Disk1\engine32.cab) - version 0.0.0.0 - size 543481 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:543481:engine32.cab:543481:543481:0:3:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-03df491867c3eeee16ade0d158a141ee.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS CAB file LibClamAV debug: cache_check: f1388bda22a24abcdb0324903411bf7f is negative LibClamAV debug: mspack_fmap_seek() err 229 LibClamAV debug: cli_scanmscab() failed at 375 LibClamAV debug: Matched signature for file type CAB-SFX at 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: Descriptor[5]: CL_EFORMAT: Bad format or broken data LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: ishield: @f7eda found file layout.bin (Disk1\layout.bin) - version 0.0.0.0 - size 455 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:455:layout.bin:455:455:0:4:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4bb5cf80e6113e7c3134ca8ff05ba8b1.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 3b70579cc5a5bab9b5e634404e4b719b is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 3b70579cc5a5bab9b5e634404e4b719b (level 0) LibClamAV debug: ishield: @f80cf found file setup.exe (Disk1\setup.exe) - version 11.0.0.28844 - size 121064 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:121064:setup.exe:121064:121064:0:5:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-314592d7825d1ae472f722a804a95014.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: bef1e6a9b97045ec3f2b9cf34acb6810 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 41f, rva: 165f0 LibClamAV debug: cli_peheader: parsing version info @ rva 165f0 (1/1) LibClamAV debug: VersionInfo (16186): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (161d6): 'FileDescription'='Setup.exe' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (16212): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (1624a): 'InternalName'='Setup' - VI:49006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 LibClamAV debug: VersionInfo (16276): 'OriginalFilename'='Setup.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e006500780065000000 LibClamAV debug: VersionInfo (162b2): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (1632e): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (16372): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 232 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:05:10 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10a00 LibClamAV debug: SizeOfInitializedData: 0xb600 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0xce17 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1091e 0x11000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10a00 0x10a00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17f0 0x2000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x1800 0x1800 LibClamAV debug: PointerToRawData: 0x10e00 0x10e00 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x17c4 0x2000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x1600 0x1600 LibClamAV debug: PointerToRawData: 0x12600 0x12600 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x8420 0x9000 LibClamAV debug: VirtualAddress: 0x16000 0x16000 LibClamAV debug: SizeOfRawData: 0x8600 0x8600 LibClamAV debug: PointerToRawData: 0x13c00 0x13c00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0xc217 (49687) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: bef1e6a9b97045ec3f2b9cf34acb6810 (level 0) LibClamAV debug: ishield: @1159e0 found file setup.ibt (Disk1\setup.ibt) - version 0.0.0.0 - size 396011 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:396011:setup.ibt:396011:396011:0:6:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-2f8068681a7ef1b9120fe85358e18d44.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized binary data LibClamAV debug: Matched signature for file type PE LibClamAV debug: cache_check: e443daa20aed702ba6f5f5f2343de989 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Invalid DOS signature LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: Invalid DOS signature LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: e443daa20aed702ba6f5f5f2343de989 (level 0) LibClamAV debug: ishield: @1764f1 found file setup.ini (Disk1\setup.ini) - version 0.0.0.0 - size 452 LibClamAV debug: CDBNAME:CL_TYPE_MSEXE:452:setup.ini:452:452:0:7:0:(nil) LibClamAV debug: ishield: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-33c43872ff03b34a903e472893b50e01.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 677bb0dbd503488e051b8ce98518270c is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 677bb0dbd503488e051b8ce98518270c (level 0) LibClamAV debug: is_parse_hdr: magic 49536328, unk1 950001, unk2 0, data_off 200, data_sz 921b0000 LibClamAV debug: is_parse_hdr: file \iKernel.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \Setup.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \DotNetInstaller.exe (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \iscript.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \ctor.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \iuser.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \IGDI.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \ISBEW64.exe (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \IsProBE.tlb (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \objectps.dll (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \ISBEW64.tlb (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \IKernel.rgs (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: file \ISBEW64.rgs (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e offset:200 (data1.cab) 13:20000000 14:833207b5 15:1000000) LibClamAV debug: is_parse_hdr: skipped empty file LibClamAV debug: is_parse_hdr: skipped external file:\setup.inx (size: 210370 csize: 210370 md5:6045272582fa1efe9ea7ff1e888facd6) LibClamAV debug: is_parse_hdr: file \license.rtf (size: 11493 csize: 2605 md5:e7eb45e877c8cb80f56e9dbc9504e757 offset:200 (data1.cab) 13:20000000 14:83324ab4 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-89742b9d416dd463cb270f3f60b70a4d.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized RTF file LibClamAV debug: cache_check: e7eb45e877c8cb80f56e9dbc9504e757 is negative LibClamAV debug: in cli_scanrtf() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: e7eb45e877c8cb80f56e9dbc9504e757 (level 0) LibClamAV debug: is_parse_hdr: skipped unknown file entry 15 LibClamAV debug: is_parse_hdr: file \corecomp.ini (size: 65503 csize: 12414 md5:09d38ceca6a012f4ce5b54f03db9b21a offset:c2d (data1.cab) 13:20000000 14:833273b4 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4b00ea7c4ad929fb0e59896a74e5fc85.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 09d38ceca6a012f4ce5b54f03db9b21a is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 09d38ceca6a012f4ce5b54f03db9b21a (level 0) LibClamAV debug: is_parse_hdr: file \FontData.ini (size: 39 csize: 43 md5:00f313e3e007599349a0c4d81c7807c4 offset:3cab (data1.cab) 13:20000000 14:f33a8c75 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-fa928afc26044d5eb29794ecbb3a8bff.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 00f313e3e007599349a0c4d81c7807c4 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 00f313e3e007599349a0c4d81c7807c4 (level 0) LibClamAV debug: is_parse_hdr: file \StringTable-0009-English.ips (size: 329 csize: 177 md5:31563751792826a6272b09626250e155 offset:3cd6 (data1.cab) 13:20000000 14:f33a8c75 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-00fd0eb83ae1a2223424d280102e9a0a.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 31563751792826a6272b09626250e155 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 31563751792826a6272b09626250e155 (level 0) LibClamAV debug: is_parse_hdr: file \isrt.dll (size: 425984 csize: 211241 md5:9a7790ae29bbadfa35650751ecceb0e7 offset:3d87 (data1.cab) 13:20000000 14:833270b8 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-04b4507740e39efdc147c8e0332599a6.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 9a7790ae29bbadfa35650751ecceb0e7 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 63048 LibClamAV debug: cli_peheader: parsing version info @ rva 63048 (1/1) LibClamAV debug: VersionInfo (610fe): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (6114e): 'FileDescription'='InstallShield (R) RunTime DLL' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c00640020002800520029002000520075006e00540069006d006500200044004c004c000000 LibClamAV debug: VersionInfo (611b2): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (611ea): 'InternalName'='ISRT' - VI:49006e007400650072006e0061006c004e0061006d0065000000490053005200540000000000 LibClamAV debug: VersionInfo (61216): 'OriginalFilename'='ISRT.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000049005300520054002e0064006c006c0000000000 LibClamAV debug: VersionInfo (61252): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (612ce): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (61312): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 280 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Mon Apr 4 06:03:31 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x4c000 LibClamAV debug: SizeOfInitializedData: 0x1d000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x3c7b4 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x6a000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4b36e 0x4c000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x4c000 0x4c000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xd08d 0xe000 LibClamAV debug: VirtualAddress: 0x4d000 0x4d000 LibClamAV debug: SizeOfRawData: 0xe000 0xe000 LibClamAV debug: PointerToRawData: 0x4d000 0x4d000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x7828 0x8000 LibClamAV debug: VirtualAddress: 0x5b000 0x5b000 LibClamAV debug: SizeOfRawData: 0x6000 0x6000 LibClamAV debug: PointerToRawData: 0x5b000 0x5b000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x380 0x1000 LibClamAV debug: VirtualAddress: 0x63000 0x63000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x61000 0x61000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5d74 0x6000 LibClamAV debug: VirtualAddress: 0x64000 0x64000 LibClamAV debug: SizeOfRawData: 0x6000 0x6000 LibClamAV debug: PointerToRawData: 0x62000 0x62000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x3c7b4 (247732) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 9a7790ae29bbadfa35650751ecceb0e7 (level 0) LibClamAV debug: is_parse_hdr: file \default.pal (size: 1168 csize: 466 md5:0abafe3f69d053494405061de2629c82 offset:376b0 (data1.cab) 13:20000000 14:833273b4 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a60d03237373f8c613ad11e9817ae5f1.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized RIFF file LibClamAV debug: cache_check: 0abafe3f69d053494405061de2629c82 is negative LibClamAV debug: in cli_check_riff_exploit() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 0abafe3f69d053494405061de2629c82 (level 0) LibClamAV debug: is_parse_hdr: file \_IsRes.dll (size: 548963 csize: 117928 md5:d28b31e1e3d9972cce01e4deb0288b31 offset:37882 (data1.cab) 13:20000000 14:84324006 15:1000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-6cc3f10456cf24f5e23ad246ec14db30.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: d28b31e1e3d9972cce01e4deb0288b31 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 37048 LibClamAV debug: cli_peheader: parsing version info @ rva 37048 (1/1) LibClamAV debug: VersionInfo (6c1ee): 'CompanyName'='Macrovision Corporation' - VI:43006f006d00700061006e0079004e0061006d006500000000004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e000000 LibClamAV debug: VersionInfo (6c23e): 'FileDescription'='InstallShield (R) Dialog Resources' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c006400200028005200290020004400690061006c006f00670020005200650073006f007500720063006500730000000000 LibClamAV debug: VersionInfo (6c2ae): 'FileVersion'='11.00.28844' - VI:460069006c006500560065007200730069006f006e0000000000310031002e00300030002e00320038003800340034000000 LibClamAV debug: VersionInfo (6c2e6): 'InternalName'='_IsRes2k' - VI:49006e007400650072006e0061006c004e0061006d00650000005f004900730052006500730032006b0000000000 LibClamAV debug: VersionInfo (6c31a): 'OriginalFilename'='_IsRes.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000005f00490073005200650073002e0064006c006c0000000000 LibClamAV debug: VersionInfo (6c35a): 'LegalCopyright'='Copyright (C) 2005 Macrovision Corporation' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000350020004d006100630072006f0076006900730069006f006e00200043006f00720070006f0072006100740069006f006e0000000000 LibClamAV debug: VersionInfo (6c3d6): 'ProductName'='InstallShield (R)' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c00640020002800520029000000 LibClamAV debug: VersionInfo (6c41a): 'ProductVersion'='11.00' - VI:500072006f006400750063007400560065007200730069006f006e000000310031002e00300030000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 8, capacity: 64 LibClamAV debug: e_lfanew == 216 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 6 LibClamAV debug: TimeDateStamp: Mon Apr 4 07:49:58 2005 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x2a000 LibClamAV debug: SizeOfInitializedData: 0x5d000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x1180 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x88000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x29dc0 0x2a000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x2a000 0x2a000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1f01 0x2000 LibClamAV debug: VirtualAddress: 0x2b000 0x2b000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x2b000 0x2b000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x6614 0x7000 LibClamAV debug: VirtualAddress: 0x2d000 0x2d000 LibClamAV debug: SizeOfRawData: 0x5000 0x5000 LibClamAV debug: PointerToRawData: 0x2d000 0x2d000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .idata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xa11 0x1000 LibClamAV debug: VirtualAddress: 0x34000 0x34000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x32000 0x32000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x50de3 0x51000 LibClamAV debug: VirtualAddress: 0x35000 0x35000 LibClamAV debug: SizeOfRawData: 0x51000 0x51000 LibClamAV debug: PointerToRawData: 0x33000 0x33000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 5 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1b62 0x2000 LibClamAV debug: VirtualAddress: 0x86000 0x86000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x84000 0x84000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x1180 (4480) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: d28b31e1e3d9972cce01e4deb0288b31 (level 0) LibClamAV debug: is_parse_hdr: skipped external file:\layout.bin (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) LibClamAV debug: is_parse_hdr: skipped external file:\data1.hdr (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) LibClamAV debug: is_parse_hdr: skipped external file:\data1.cab (size: 0 csize: 0 md5:d41d8cd98f00b204e9800998ecf8427e) LibClamAV debug: is_parse_hdr: skipped external file:\setup.exe (size: 121064 csize: 121064 md5:bef1e6a9b97045ec3f2b9cf34acb6810) LibClamAV debug: is_parse_hdr: skipped external file:\setup.inx (size: 210370 csize: 210370 md5:6045272582fa1efe9ea7ff1e888facd6) LibClamAV debug: is_parse_hdr: skipped external file:\setup.ini (size: 452 csize: 452 md5:677bb0dbd503488e051b8ce98518270c) LibClamAV debug: is_parse_hdr: file \clam.exe (size: 544 csize: 258 md5:aa15bcf478d165efd2065190eb473bcb offset:200 (data2.cab) 13:20000000 14:f33a0275 15:2000000) LibClamAV debug: is_extract_cab: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-0e25dc5ae36df97f112c468ae2ffb9da.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 37b9b0f97ea3bd6269e1d0be65185da2 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 99e18 LibClamAV debug: cli_peheader: parsing version info @ rva 99e18 (1/1) LibClamAV debug: VersionInfo (deda2): 'CompanyName'='company ' - VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e0079002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (dee3e): 'FileDescription'='Setup Launcher Unicode ' - VI:460069006c0065004400650073006300720069007000740069006f006e00000000005300650074007500700020004c00610075006e006300680065007200200055006e00690063006f0064006500200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (deee6): 'FileVersion'='1.00.0000 ' - VI:460069006c006500560065007200730069006f006e000000000031002e00300030002e00300030003000300020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (def6a): 'InternalName'='Setup ' - VI:49006e007400650072006e0061006c004e0061006d00650000005300650074007500700020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (defe6): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. ' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df112): 'OriginalFilename'='Setup.exe ' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e0065007800650020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df19e): 'ProductName'='clam ' - VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df22a): 'ProductVersion'='1.00.0000 ' - VI:500072006f006400750063007400560065007200730069006f006e00000031002e00300030002e0030003000300030002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (df2aa): 'Internal Build Number'='90563 ' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d00620065007200000000003900300035003600330020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ISHIELD-MSI LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: ISHIELD-MSI signature found at 915561 LibClamAV debug: in ishield-msi LibClamAV debug: ishield-msi: File clam.exe409.bmp (csize: 106, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-ee79423c00196bb977d5804464330bde.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 2f60b47aa5ff8931c786fbe0eafc657e is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 0, rva: 99e18 LibClamAV debug: cli_peheader: parsing version info @ rva 99e18 (1/1) LibClamAV debug: VersionInfo (deda2): 'CompanyName'='company ' - VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e0079002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (dee3e): 'FileDescription'='Setup Launcher Unicode ' - VI:460069006c0065004400650073006300720069007000740069006f006e00000000005300650074007500700020004c00610075006e006300680065007200200055006e00690063006f0064006500200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (deee6): 'FileVersion'='1.00.0000 ' - VI:460069006c006500560065007200730069006f006e000000000031002e00300030002e00300030003000300020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (def6a): 'InternalName'='Setup ' - VI:49006e007400650072006e0061006c004e0061006d00650000005300650074007500700020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (defe6): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. ' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df112): 'OriginalFilename'='Setup.exe ' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000530065007400750070002e0065007800650020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df19e): 'ProductName'='clam ' - VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d0020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: VersionInfo (df22a): 'ProductVersion'='1.00.0000 ' - VI:500072006f006400750063007400560065007200730069006f006e00000031002e00300030002e0030003000300030002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200000000000 LibClamAV debug: VersionInfo (df2aa): 'Internal Build Number'='90563 ' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d00620065007200000000003900300035003600330020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type ISHIELD-MSI LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: ISHIELD-MSI signature found at 915561 LibClamAV debug: in ishield-msi LibClamAV debug: ishield-msi: File 0x0409.ini (csize: 1153, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-d561284284e0497a097efa0688e5d155.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized UTF-16LE character data LibClamAV debug: entconv: Encoding UTF-16LE LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 LibClamAV debug: cache_check: 36affbd6ff77d1515cfc1c5e998fbaf9 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 36affbd6ff77d1515cfc1c5e998fbaf9 (level 0) LibClamAV debug: ishield-msi: File EvalMarker.dat (csize: 8, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-2f47558ce876425d641610f723a9baf6.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Small data (0 bytes) LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) LibClamAV debug: ishield-msi: File clam.msi (csize: 3fdbd, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-cc3e157cd047076c6f6d0a37c2c173c6.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized OLE2 container file LibClamAV debug: cache_check: efa529f28de651b561dc36646733e7e6 is negative LibClamAV debug: in cli_scanole2() LibClamAV debug: in cli_ole2_extract() LibClamAV debug: LibClamAV debug: Magic: 0xd0cf11e0a1b11ae1 LibClamAV debug: CLSID: {0000-00-00-00-000000} LibClamAV debug: Minor version: 0x3e LibClamAV debug: DLL version: 0x3 LibClamAV debug: Byte Order: -2 LibClamAV debug: Big Block Size: 9 LibClamAV debug: Small Block Size: 6 LibClamAV debug: BAT count: 11 LibClamAV debug: Prop start: 1 LibClamAV debug: SBAT cutoff: 4096 LibClamAV debug: SBat start: 56 LibClamAV debug: SBat block count: 4 LibClamAV debug: XBat start: -2 LibClamAV debug: XBat block count: 0 LibClamAV debug: LibClamAV debug: Max block number: 10280 LibClamAV debug: OLE2: no VBA projects found LibClamAV debug: OLE2: binary.newbinary4 [file] b size:0x00000cbe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_4_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-ec0783c0fc8afe33ed21c0e2103e4695.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 5371475e745a1d5d8241f8d35d63b920 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 5371475e745a1d5d8241f8d35d63b920 (level 0) LibClamAV debug: OLE2: 01adminexecutesequence [file] b size:0x00000036 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_bekaa_0_ldbaa_;&7_cemaa_4h&' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-1d534064bf0e404f014b7c974d1d2ff6.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: c02ab4558c885456a8dc0895f8218e78 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: c02ab4558c885456a8dc0895f8218e78 (level 0) LibClamAV debug: OLE2: icon.arpproducticon.exe [file] b size:0x0000d000 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_becaa_r_kdoaa_[_odjaa_x_ldoaa__mdnaa__odmaa__hehaa__geiaa_(' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-b1665e7bd87829f75d482be7bbcd1c30.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 4667578a6b885927dac70c85a3e87e4f is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 9200 LibClamAV debug: cli_peheader: parsing version info @ rva 9200 (1/1) LibClamAV debug: VersionInfo (ba4a): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 LibClamAV debug: VersionInfo (ba96): 'FileDescription'='InstallShield' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000049006e007300740061006c006c0053006800690065006c0064000000 LibClamAV debug: VersionInfo (bada): 'FileVersion'='16.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0033003200380000000000 LibClamAV debug: VersionInfo (bb0e): 'InternalName'='_IsIcoRes.exe' - VI:49006e007400650072006e0061006c004e0061006d00650000005f0049007300490063006f005200650073002e006500780065000000 LibClamAV debug: VersionInfo (bb4a): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 LibClamAV debug: VersionInfo (bc26): 'OriginalFilename'='_IsIcoRes.exe' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d00650000005f0049007300490063006f005200650073002e006500780065000000 LibClamAV debug: VersionInfo (bc6a): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 LibClamAV debug: VersionInfo (bca6): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 LibClamAV debug: VersionInfo (bcd6): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: e_lfanew == 216 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Wed Jun 10 21:04:05 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x4000 LibClamAV debug: SizeOfInitializedData: 0x8000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x1005 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xd000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x35ae 0x4000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x7a0 0x1000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x5000 0x5000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x29dc 0x3000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x6000 0x6000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x30e4 0x4000 LibClamAV debug: VirtualAddress: 0x9000 0x9000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x9000 0x9000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x1005 (4101) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 4667578a6b885927dac70c85a3e87e4f (level 0) LibClamAV debug: OLE2: 01installexecutesequence [file] b size:0x000001bc flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@r_fegaa__deeaa__ldpaa_;&7_cemaa_4h&' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-47cb47515af05196ddb1089f6848a01c.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 4cb36190d6680b2807bc94a6991dc7db is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 4cb36190d6680b2807bc94a6991dc7db (level 0) LibClamAV debug: OLE2: _5_summaryinformation [file] r size:0x00000224 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_5_summaryinformation' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-c3cc8335d8f8e92733292f3713011331.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: entconv: Encoding UCS-4 LibClamAV debug: entconv: iconv not found in cache, for encoding:UCS-4 LibClamAV debug: entconv: iconv_open(),for:UCS-4 -> 0x60a00 LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 LibClamAV debug: cache_check: 4b51cc967957f26c2cef15a8c2cbc696 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 4b51cc967957f26c2cef15a8c2cbc696 (level 0) LibClamAV debug: OLE2: 01advtexecutesequence [file] b size:0x00000060 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_bekaa__fejaa__geoaa__beiaa__feiaa_((8_bebaa_(' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-1f78149f5097a4004fe6760b7241759d.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 30c1f86169b14c6f430776885316df3d is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 30c1f86169b14c6f430776885316df3d (level 0) LibClamAV debug: OLE2: 01adminuisequence [file] b size:0x0000003c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_bekaa_0_pdbaa__pdcaa_(8_bebaa_(' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-1682d31f8eb030a9ffa191a87bc2e2b4.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 14f6fec489f4d9db89817bc02bb3d3de is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 14f6fec489f4d9db89817bc02bb3d3de (level 0) LibClamAV debug: OLE2: 01installuisequence [file] b size:0x0000009c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@r_fegaa__deeaa__pdpaa__pdcaa_(8_bebaa_(' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-ea4fe90b8bfa475f3cfc04f59b15b2a4.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 816b801e90a5e45ec40b4a6d4ffc556e is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 816b801e90a5e45ec40b4a6d4ffc556e (level 0) LibClamAV debug: OLE2: 01issetuptypefeatures [file] b size:0x0000000c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdcaa__cemaa_7s_eemaa__ldiaa_(756' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-1f091f0365ffe64bcb5981172a5d6ada.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 2b9d03825b6b40206c0993861a2a5284 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 2b9d03825b6b40206c0993861a2a5284 (level 0) LibClamAV debug: OLE2: 01iscomponentextended [file] r size:0x0000001e flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdcaa__eemaa__eeaaa_rh_ldhaa__felaa_h''' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-891b330772aa20de81c48979ed0ad482.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 0a338583cc13b37789ac0a051e84bc47 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 0a338583cc13b37789ac0a051e84bc47 (level 0) LibClamAV debug: OLE2: binary.setallusers.dll [file] r size:0x0001e540 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15>_feiaa__dekaa__pdpaa_6_fefaa__beoaa__depaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e1813b93cbcca832eb444ea4859a6bf2.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 1b05788b22e09f5f4282f06a1686ba1f is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 1a048 LibClamAV debug: cli_peheader: parsing version info @ rva 1a048 (1/1) LibClamAV debug: VersionInfo (18116): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 LibClamAV debug: VersionInfo (18162): 'FileDescription'='SetAllUsers' - VI:460069006c0065004400650073006300720069007000740069006f006e000000000053006500740041006c006c00550073006500720073000000 LibClamAV debug: VersionInfo (181a2): 'FileVersion'='16.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0033003200380000000000 LibClamAV debug: VersionInfo (181d6): 'InternalName'='SetAllUsers' - VI:49006e007400650072006e0061006c004e0061006d006500000053006500740041006c006c00550073006500720073000000 LibClamAV debug: VersionInfo (1820e): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 LibClamAV debug: VersionInfo (182ea): 'OriginalFilename'='SetAllUsers.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d006500000053006500740041006c006c00550073006500720073002e0064006c006c000000 LibClamAV debug: VersionInfo (18332): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 LibClamAV debug: VersionInfo (1836e): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 LibClamAV debug: VersionInfo (1839e): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: e_lfanew == 264 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:15:27 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10000 LibClamAV debug: SizeOfInitializedData: 0xe000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x7735 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xfa52 0x10000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10000 0x10000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2038 0x3000 LibClamAV debug: VirtualAddress: 0x11000 0x11000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x11000 0x11000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5848 0x6000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x14000 0x14000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x420 0x1000 LibClamAV debug: VirtualAddress: 0x1a000 0x1a000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x18000 0x18000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x3e14 0x4000 LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x19000 0x19000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x7735 (30517) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 1b05788b22e09f5f4282f06a1686ba1f (level 0) LibClamAV debug: OLE2: binary.isselfreg.dll [file] r size:0x00029538 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_mdoaa__pdmaa_n_odpaa__mdoaa_~u' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-797d8ef8839ec14c8e1a5dea0b05fcb3.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: b9be841281819a5af07e3611913a55f5 is negative LibClamAV debug: in cli_peheader LibClamAV debug: versioninfo_cb: type: 10, name: 1, lang: 409, rva: 24048 LibClamAV debug: cli_peheader: parsing version info @ rva 24048 (1/1) LibClamAV debug: VersionInfo (220fe): 'CompanyName'='Acresso Software Inc.' - VI:43006f006d00700061006e0079004e0061006d006500000000004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e000000 LibClamAV debug: VersionInfo (2214a): 'FileDescription'='ISRegSvr.dll Module' - VI:460069006c0065004400650073006300720069007000740069006f006e0000000000490053005200650067005300760072002e0064006c006c0020004d006f00640075006c0065000000 LibClamAV debug: VersionInfo (2219a): 'FileVersion'='16.0.0.328' - VI:460069006c006500560065007200730069006f006e0000000000310036002e0030002e0030002e0033003200380000000000 LibClamAV debug: VersionInfo (221d2): 'InternalName'='ISRegSvr.dll' - VI:49006e007400650072006e0061006c004e0061006d0065000000490053005200650067005300760072002e0064006c006c0000000000 LibClamAV debug: VersionInfo (2220e): 'OriginalFilename'='ISRegSvr.dll' - VI:4f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000490053005200650067005300760072002e0064006c006c0000000000 LibClamAV debug: VersionInfo (22252): 'LegalCopyright'='Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.' - VI:4c006500670061006c0043006f007000790072006900670068007400000043006f00700079007200690067006800740020002800430029002000320030003000390020004100630072006500730073006f00200053006f00660074007700610072006500200049006e0063002e00200061006e0064002f006f007200200049006e007300740061006c006c0053006800690065006c006400200043006f002e00200049006e0063002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e000000 LibClamAV debug: VersionInfo (2232e): 'ProductName'='InstallShield' - VI:500072006f0064007500630074004e0061006d0065000000000049006e007300740061006c006c0053006800690065006c0064000000 LibClamAV debug: VersionInfo (2236a): 'ProductVersion'='16.0' - VI:500072006f006400750063007400560065007200730069006f006e000000310036002e00300000000000 LibClamAV debug: VersionInfo (2239a): 'Internal Build Number'='90563' - VI:49006e007400650072006e0061006c0020004200750069006c00640020004e0075006d0062006500720000000000390030003500360033000000 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 9, capacity: 64 LibClamAV debug: e_lfanew == 264 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:15:13 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1a000 LibClamAV debug: SizeOfInitializedData: 0xf000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x11b2d LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x2a000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x19cd6 0x1a000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x1a000 0x1a000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x29d4 0x3000 LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x1b000 0x1b000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5848 0x6000 LibClamAV debug: VirtualAddress: 0x1e000 0x1e000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x418 0x1000 LibClamAV debug: VirtualAddress: 0x24000 0x24000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x22000 0x22000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4178 0x5000 LibClamAV debug: VirtualAddress: 0x25000 0x25000 LibClamAV debug: SizeOfRawData: 0x5000 0x5000 LibClamAV debug: PointerToRawData: 0x23000 0x23000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x11b2d (72493) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: b9be841281819a5af07e3611913a55f5 (level 0) LibClamAV debug: OLE2: 01featurecomponents [file] b size:0x0000000c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cepaa__feeaa_x(2_eedaa_1_febaa_6' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e510a43ffa0610be67794c0c49c0e8d6.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 40851857aabf17a3d1726e11ac6a1f53 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 40851857aabf17a3d1726e11ac6a1f53 (level 0) LibClamAV debug: OLE2: binary.isexphlp.dll [file] b size:0x00019538 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_mdoaa__ldmaa__eelaa__debaa__hedaa__dehaa_/' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-3491f734110d5d97dddcc1e9c091cd08.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 067bdf5e3c696b2cf069f1e1fc536cb0 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 224 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:09:26 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0xf000 LibClamAV debug: SizeOfInitializedData: 0x9000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x7195 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x19000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xed8e 0xf000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0xf000 0xf000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1940 0x2000 LibClamAV debug: VirtualAddress: 0x10000 0x10000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x10000 0x10000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4ac8 0x5000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x12000 0x12000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x176c 0x2000 LibClamAV debug: VirtualAddress: 0x17000 0x17000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x16000 0x16000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x7195 (29077) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 067bdf5e3c696b2cf069f1e1fc536cb0 (level 0) LibClamAV debug: OLE2: 01controlcondition [file] r size:0x000002f0 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eemaa__febaa__eefaa_/r'7r' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7cb10bee63532648e5191c148dd6cd96.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 631c091fbd1542633b3b80f0f480bd41 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 631c091fbd1542633b3b80f0f480bd41 (level 0) LibClamAV debug: OLE2: binary.newbinary6 [file] b size:0x000011b6 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_6_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-1ae60dd3ab9d1f76d1d3638b1e7dffcc.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 7ae6211cf33f3b24bcb3dfe2335ae665 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 7ae6211cf33f3b24bcb3dfe2335ae665 (level 0) LibClamAV debug: OLE2: binary.newbinary8 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_8_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-abb51ed25dd88260cd32aac2fa7689e5.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: fc70c1cdfdde03de2fe0df7d2e765232 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: fc70c1cdfdde03de2fe0df7d2e765232 (level 0) LibClamAV debug: OLE2: binary.newbinary9 [file] r size:0x00002796 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_9_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-9b1c5683384e619e725b02775ad8001a.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 6e42cf0d47af25dea4cecdbe093d521c is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 6e42cf0d47af25dea4cecdbe093d521c (level 0) LibClamAV debug: OLE2: binary.newbinary7 [file] r size:0x000002fe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_7_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-d0bdd3ba628c1e42ed87eb6687ec9c44.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 6d13676263dc9721edebaafc689d8041 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 6d13676263dc9721edebaafc689d8041 (level 0) LibClamAV debug: OLE2: binary.newbinary5 [file] b size:0x00003c08 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_5_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-3d4161eb90445e933e1fa152f4bb8a91.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized JPEG file LibClamAV debug: cache_check: a0c5d37ce39f8af4aeb99955f7c1403b is negative LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: a0c5d37ce39f8af4aeb99955f7c1403b (level 0) LibClamAV debug: OLE2: binary.newbinary14 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_1_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-866d2dcab47eb043282481a6c86669c8.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 836970e8db25825325451f01f48383f9 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 836970e8db25825325451f01f48383f9 (level 0) LibClamAV debug: OLE2: binary.newbinary18 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_1_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-ec59c634e98d8509de6c326fe98405a9.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 33190636e8e16cc2aeb9d16a9edf7d81 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 33190636e8e16cc2aeb9d16a9edf7d81 (level 0) LibClamAV debug: OLE2: binary.newbinary2 [file] b size:0x0000013e flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_2_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-497274b9d4bb7d8966e57214b0ee0808.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: c23cbf002d82192481b61ed7ec0890f4 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: c23cbf002d82192481b61ed7ec0890f4 (level 0) LibClamAV debug: OLE2: binary.newbinary3 [file] b size:0x0000013e flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_3_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a7c68558cbd45ba3c0862cbc732c23cf.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 83730ac00391fb0f02f56fe2e4207a10 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 83730ac00391fb0f02f56fe2e4207a10 (level 0) LibClamAV debug: OLE2: binary.newbinary1 [file] b size:0x00000d0c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_1_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-cefb3218de31af742c5ee2346477528b.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized JPEG file LibClamAV debug: cache_check: aa262223edcb4133972080119eca45ea is negative LibClamAV debug: in cli_check_jpeg_exploit() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: aa262223edcb4133972080119eca45ea (level 0) LibClamAV debug: OLE2: binary.newbinary16 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_jdbaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-943a56e74b785797316226071927df71.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 9b140369b669be06a15d6c7ce099c48d is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 9b140369b669be06a15d6c7ce099c48d (level 0) LibClamAV debug: OLE2: binary.newbinary17 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_jdbaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-c5c57ef6864ba1859b66cee54267632d.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: a74f8a3a31718b091713ace0eeb60de6 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: a74f8a3a31718b091713ace0eeb60de6 (level 0) LibClamAV debug: OLE2: binary.newbinary15 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15a' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-de610e21f9394bdbed0a373984230d66.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 17dcb1a90bb1aa39c6d4b168119145b5 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 17dcb1a90bb1aa39c6d4b168119145b5 (level 0) LibClamAV debug: OLE2: binary.newbinary10 [file] b size:0x000011b6 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_1_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-094a1fe42f8b928ccec05b7b7b7fb352.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 7f2548dc667d9a15410e22ed3a0fd099 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 7f2548dc667d9a15410e22ed3a0fd099 (level 0) LibClamAV debug: OLE2: binary.newbinary12 [file] b size:0x00000cbe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_idbaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4d8cb2826db2ddd1a4f04b83dd846357.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 6eb0cce1ca5d515df02f3770eac436b4 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 6eb0cce1ca5d515df02f3770eac436b4 (level 0) LibClamAV debug: OLE2: binary.newbinary13 [file] b size:0x000002fe flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15_idbaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-67b66d89c8db13e022de88cc414c850e.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 6052220b412200fcfe2c8e77cce7c42a is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 6052220b412200fcfe2c8e77cce7c42a (level 0) LibClamAV debug: OLE2: binary.newbinary11 [file] b size:0x000011b6 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_delaa_15_ndoaa__geiaa__delaa_15a' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-37caf1efe313030ce610cb853b94aa23.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 7ae6211cf33f3b24bcb3dfe2335ae665 is positive LibClamAV debug: cli_magic_scandesc: returning 0 at line 3042 (no post, no cache) LibClamAV debug: OLE2: 01controlevent [file] r size:0x00000798 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eemaa__febaa__eefaa__ldpaa_9_febaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-c0d346825878111476e4cf9c46a8d150.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: adac420ec72c05e7dfb06f38cf1933b6 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: adac420ec72c05e7dfb06f38cf1933b6 (level 0) LibClamAV debug: OLE2: 01createfolder [file] b size:0x00000008 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@l(7_eepaa__bepaa_h' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-23b7ed0c073b2f4715c0ddcdd2567785.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: ac433835c2d3b0c38eabd00560093d75 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: ac433835c2d3b0c38eabd00560093d75 (level 0) LibClamAV debug: OLE2: 01customaction [file] b size:0x00000060 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_gemaa__fegaa_2_bekaa_7r' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-52d92b32035bee89d5d605fda4b79ab2.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 4cdd6cde882952408d1ef3f88edfeaa3 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 4cdd6cde882952408d1ef3f88edfeaa3 (level 0) LibClamAV debug: OLE2: 01eventmapping [file] r size:0x00000078 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@nh_ndhaa__eeeaa_3_cebaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-6751acff813eb5604f8a5d2b5afdfab7.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 400e1608b2521f32077a2409026e599b is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 400e1608b2521f32077a2409026e599b (level 0) LibClamAV debug: OLE2: 01msifilehash [file] r size:0x00000014 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_fegaa__ldmaa__demaa_h_feeaa_+' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-18aefcc77d4b3d61606453e7fbaa7473.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 85526b2efc358624dc2b5484b49ec495 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 85526b2efc358624dc2b5484b49ec495 (level 0) LibClamAV debug: OLE2: 01_validation [file] b size:0x000012d8 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdpaa__deeaa__bemaa__feeaa__eemaa_1' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-f8c2c936483e6ef8800c9c4d7f224997.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: dd00094e2735911ac4edfe57b574bdf8 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: dd00094e2735911ac4edfe57b574bdf8 (level 0) LibClamAV debug: OLE2: 01radiobutton [file] b size:0x000000d8 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_belaa_'_kdcaa__feiaa__eehaa_1' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-d84e38104489f722283fd00496f82fd5.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 02b76e2ad49a575e7adb59fc0cf9e629 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 02b76e2ad49a575e7adb59fc0cf9e629 (level 0) LibClamAV debug: OLE2: 01component [file] r size:0x00000024 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eemaa__eeaaa_rh7' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7d1d5e050665680d6f38b81cdb4cba59.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 4288708281468e9daee219a08ebb7716 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 4288708281468e9daee219a08ebb7716 (level 0) LibClamAV debug: OLE2: 01_stringdata [file] b size:0x00016eed flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@?wlj_feeaa_$' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-53b1987db8b7b180247ff7e83b8d0680.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 326928e2791390490f331ecf8bd610f1 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 326928e2791390490f331ecf8bd610f1 (level 0) LibClamAV debug: OLE2: 01_stringpool [file] r size:0x00002c1c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@?wlj_eecaa_/' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-8f24aed79a0408d031a5184c007d6496.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 01d545252f6faa983f19008530e7a862 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 01d545252f6faa983f19008530e7a862 (level 0) LibClamAV debug: OLE2: 01issetuptype [file] r size:0x00000018 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdcaa__cemaa_7s_eemaa_(' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-3eef859888f332e731635846860b0e77.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 047a05b3ce47763a239dd0a5e9742f9a is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 047a05b3ce47763a239dd0a5e9742f9a (level 0) LibClamAV debug: OLE2: 01upgrade [file] b size:0x00000010 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eeoaa_j_beeaa_(' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-34073074818a0299256b1d7a1388317e.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 7ff2b0570dc7468f539f2c7e514ebc91 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 7ff2b0570dc7468f539f2c7e514ebc91 (level 0) LibClamAV debug: OLE2: 01textstyle [file] b size:0x00000120 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cenaa__felaa__femaa__demaa_(' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-fb36ace6656ae75d6e83f5dbd5bf3a5c.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: fa6afc971904f8d2e449c17014c0a8ad is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: fa6afc971904f8d2e449c17014c0a8ad (level 0) LibClamAV debug: OLE2: 01directory [file] r size:0x00000042 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_denaa_5_fegaa_r<' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-8d3c67e2fd1d40652d8b28f7f25d85ec.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 602fad121f27bc6f08468195956651b1 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 602fad121f27bc6f08468195956651b1 (level 0) LibClamAV debug: OLE2: 01actiontext [file] b size:0x000001a4 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_bekaa_7r_cenaa__felaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-f0ab68e9b5ee988b66da5e295405be00.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: fbb9e1da03525140eca2290883374101 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: fbb9e1da03525140eca2290883374101 (level 0) LibClamAV debug: OLE2: 01property [file] r size:0x00000140 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@y_eecaa_h7' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-113a961c879abe1cc98b5dbc3416fe23.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 7eedccf84814ab89c9be1971916b2340 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 7eedccf84814ab89c9be1971916b2340 (level 0) LibClamAV debug: OLE2: 01checkbox [file] b size:0x0000000c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cemaa__beiaa__kdoaa__gecaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a6642b417551ee6535a1e8ca27e1bffb.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 89b7b3da5974ee1a40e9b8fea7f59ae7 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 89b7b3da5974ee1a40e9b8fea7f59ae7 (level 0) LibClamAV debug: OLE2: 01control [file] r size:0x0000293c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_eemaa__febaa__eefaa_/' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-91bc29600a200d1cb9d94102c1a485c1.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: aa247c4e9b047130ca0aa178972ba508 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: aa247c4e9b047130ca0aa178972ba508 (level 0) LibClamAV debug: OLE2: 01file [file] b size:0x00000012 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_depaa_/' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-88d3b98395f5018a9402d5ae957f944d.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: d56f92bbf68e34293641e5e0f9bc2857 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: d56f92bbf68e34293641e5e0f9bc2857 (level 0) LibClamAV debug: OLE2: 01binary [file] r size:0x00000054 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_delaa_15' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-16a71b2836c4c3300a880539d594be9c.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 1d58b97dfce3ba06a0e4a00f982cf2ef is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 1d58b97dfce3ba06a0e4a00f982cf2ef (level 0) LibClamAV debug: OLE2: 01feature [file] b size:0x00000010 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cepaa__feeaa_x(' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-9a2eb5031e301fd99efb19dd3dc8fe6f.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 8aed2b47eaa29d720da73246e463d67a is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 8aed2b47eaa29d720da73246e463d67a (level 0) LibClamAV debug: OLE2: 01error [file] r size:0x00000994 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@n_eefaa_5' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-eb3db0b6f6354918770e172713bb5602.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: d8edf31a1e45752e1654492056feaa2b is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: d8edf31a1e45752e1654492056feaa2b (level 0) LibClamAV debug: OLE2: 01_columns [file] b size:0x00000578 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@?_decaa_8_febaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-34a613d82416ec3603377fa6b64de71a.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 2bb78a0fec31babea8bb931d7e152026 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 2bb78a0fec31babea8bb931d7e152026 (level 0) LibClamAV debug: OLE2: 01_tables [file] r size:0x0000004c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_pdpaa_d/6' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-9ae862989f5fd049fc6b834cddb25fe9.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 023736b780fd296af291267d4904603f is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 023736b780fd296af291267d4904603f (level 0) LibClamAV debug: OLE2: data1.cab [file] r size:0x0000014f flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '_benaa_7_hebaa_&%' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-8dde71b7c37122f8440f0a5abf8d65d2.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized MS CAB file LibClamAV debug: cache_check: 541061b126a8ff657e1f9f842a47a1f7 is negative LibClamAV debug: mspack_fmap_seek() err 229 LibClamAV debug: cli_scanmscab() failed at 375 LibClamAV debug: Matched signature for file type CAB-SFX at 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: Descriptor[6]: CL_EFORMAT: Bad format or broken data LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: OLE2: 01dialog [file] b size:0x000002aa flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_denaa__deeaa__cecaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-0949cb3c3dc7800efb91d02fc194cf36.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized UTF-16BE character data LibClamAV debug: cache_check: 84e7065400cff6f1ecc5e23c58e391c1 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 84e7065400cff6f1ecc5e23c58e391c1 (level 0) LibClamAV debug: OLE2: 01uitext [file] b size:0x000000c8 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_mdoaa__cenaa__felaa_' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-6ad127da3abc043b4e6156fd64aedf2d.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: bcf49141bfb52d8e23ad1b18a2ea2757 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: bcf49141bfb52d8e23ad1b18a2ea2757 (level 0) LibClamAV debug: OLE2: 01media [file] r size:0x0000000c flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_cegaa_'$' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-3335447411942f7bbd8c34ca96e444c3.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: a97b27682d18005b39804ee3b34dc910 is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: a97b27682d18005b39804ee3b34dc910 (level 0) LibClamAV debug: OLE2: 01icon [file] b size:0x00000004 flags:0x00000000 LibClamAV debug: OLE2 [handler_otf]: Dumping '@_becaa_r' to '/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-8508414aa25e181642dbb296a8ec9738.tmp' LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Small data (4 bytes) LibClamAV debug: cli_magic_scandesc: returning 0 at line 3602 (no post, no cache) LibClamAV debug: Matched signature for file type CAB-SFX at 33216 LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: CAB/CAB-SFX signature found at 33216 LibClamAV debug: mspack_fmap_seek() err 229 LibClamAV debug: cli_scanmscab() failed at 375 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 83456 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 80602adb585dff22912d5ad9fdfc29b9 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: Not a PE file LibClamAV debug: in cli_peheader LibClamAV debug: Not a PE file LibClamAV debug: in cli_peheader LibClamAV debug: Not a PE file LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 114176 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 5dc409d548391b13331fa56bccb4111c is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 124928 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 1367b42fff4130b71fe4f28e0afb782f is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_peheader LibClamAV debug: cli_peheader: Can't read file header LibClamAV debug: in cli_peheader LibClamAV debug: *** Detected embedded PE file at 104960 *** LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: 06ff30bbd34602b311b8ecf049115412 is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: e_lfanew == 264 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:15:13 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x1a000 LibClamAV debug: SizeOfInitializedData: 0xf000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x11b2d LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x2a000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x19cd6 0x1a000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x1a000 0x1a000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x29d4 0x3000 LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x1b000 0x1b000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5848 0x6000 LibClamAV debug: VirtualAddress: 0x1e000 0x1e000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x1e000 0x1e000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x418 0x1000 LibClamAV debug: VirtualAddress: 0x24000 0x24000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x22000 0x22000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4178 0x5000 LibClamAV debug: VirtualAddress: 0x25000 0x25000 LibClamAV debug: SizeOfRawData: 0x5000 0x5000 LibClamAV debug: PointerToRawData: 0x23000 0x23000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x11b2d (72493) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 06ff30bbd34602b311b8ecf049115412 (level 0) LibClamAV debug: e_lfanew == 224 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:09:26 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0xf000 LibClamAV debug: SizeOfInitializedData: 0x9000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x7195 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x19000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xed8e 0xf000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0xf000 0xf000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x1940 0x2000 LibClamAV debug: VirtualAddress: 0x10000 0x10000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x10000 0x10000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4ac8 0x5000 LibClamAV debug: VirtualAddress: 0x12000 0x12000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x12000 0x12000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x176c 0x2000 LibClamAV debug: VirtualAddress: 0x17000 0x17000 LibClamAV debug: SizeOfRawData: 0x2000 0x2000 LibClamAV debug: PointerToRawData: 0x16000 0x16000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x7195 (29077) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 1367b42fff4130b71fe4f28e0afb782f (level 0) LibClamAV debug: e_lfanew == 264 LibClamAV debug: File type: DLL LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 5 LibClamAV debug: TimeDateStamp: Wed Jun 10 19:15:27 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x10000 LibClamAV debug: SizeOfInitializedData: 0xe000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x7735 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0x1f000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xfa52 0x10000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x10000 0x10000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x2038 0x3000 LibClamAV debug: VirtualAddress: 0x11000 0x11000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x11000 0x11000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x5848 0x6000 LibClamAV debug: VirtualAddress: 0x14000 0x14000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x14000 0x14000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x420 0x1000 LibClamAV debug: VirtualAddress: 0x1a000 0x1a000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x18000 0x18000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 4 LibClamAV debug: Section name: .reloc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x3e14 0x4000 LibClamAV debug: VirtualAddress: 0x1b000 0x1b000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x19000 0x19000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x7735 (30517) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 5dc409d548391b13331fa56bccb4111c (level 0) LibClamAV debug: e_lfanew == 216 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Wed Jun 10 21:04:05 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x4000 LibClamAV debug: SizeOfInitializedData: 0x8000 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x1005 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x1000 LibClamAV debug: MajorSubsystemVersion: 4 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xd000 LibClamAV debug: SizeOfHeaders: 0x1000 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x35ae 0x4000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x1000 0x1000 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x7a0 0x1000 LibClamAV debug: VirtualAddress: 0x5000 0x5000 LibClamAV debug: SizeOfRawData: 0x1000 0x1000 LibClamAV debug: PointerToRawData: 0x5000 0x5000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x29dc 0x3000 LibClamAV debug: VirtualAddress: 0x6000 0x6000 LibClamAV debug: SizeOfRawData: 0x3000 0x3000 LibClamAV debug: PointerToRawData: 0x6000 0x6000 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x30e4 0x4000 LibClamAV debug: VirtualAddress: 0x9000 0x9000 LibClamAV debug: SizeOfRawData: 0x4000 0x4000 LibClamAV debug: PointerToRawData: 0x9000 0x9000 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x1005 (4101) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 80602adb585dff22912d5ad9fdfc29b9 (level 0) LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: efa529f28de651b561dc36646733e7e6 (level 0) LibClamAV debug: ishield-msi: File Setup.ini (csize: 569, unk1:6000000 unk2:0 unk3:0 unk4:1000000 unk5:0 unk6:0 unk7:0 unk8:0 unk9:0 unk10:0 unk11:0) LibClamAV debug: ishield-msi: extracted to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-ba790066db9fa237c4bdb24340c0d80f.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized UTF-16LE character data LibClamAV debug: entconv: Encoding UTF-16LE LibClamAV debug: in_iconv_u16: unprocessed bytes: 0 LibClamAV debug: cache_check: e8cb5418158b5144511e6c10dd1ecdb7 is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: e8cb5418158b5144511e6c10dd1ecdb7 (level 0) LibClamAV debug: ISHIELD-MSI signature found at 572044 LibClamAV debug: in ishield-msi LibClamAV debug: e_lfanew == 264 LibClamAV debug: File type: Executable LibClamAV debug: Machine type: 80386 LibClamAV debug: NumberOfSections: 4 LibClamAV debug: TimeDateStamp: Wed Jun 10 21:03:20 2009 LibClamAV debug: SizeOfOptionalHeader: e0 LibClamAV debug: File format: PE LibClamAV debug: MajorLinkerVersion: 6 LibClamAV debug: MinorLinkerVersion: 0 LibClamAV debug: SizeOfCode: 0x73c00 LibClamAV debug: SizeOfInitializedData: 0x6b800 LibClamAV debug: SizeOfUninitializedData: 0x0 LibClamAV debug: AddressOfEntryPoint: 0x55fc3 LibClamAV debug: BaseOfCode: 0x1000 LibClamAV debug: SectionAlignment: 0x1000 LibClamAV debug: FileAlignment: 0x200 LibClamAV debug: MajorSubsystemVersion: 5 LibClamAV debug: MinorSubsystemVersion: 0 LibClamAV debug: SizeOfImage: 0xe7000 LibClamAV debug: SizeOfHeaders: 0x400 LibClamAV debug: NumberOfRvaAndSizes: 16 LibClamAV debug: Subsystem: Win32 GUI LibClamAV debug: ------------------------------------ LibClamAV debug: Section 0 LibClamAV debug: Section name: .text LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x73b30 0x74000 LibClamAV debug: VirtualAddress: 0x1000 0x1000 LibClamAV debug: SizeOfRawData: 0x73c00 0x73c00 LibClamAV debug: PointerToRawData: 0x400 0x400 LibClamAV debug: Section contains executable code LibClamAV debug: Section's memory is executable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 1 LibClamAV debug: Section name: .rdata LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x13374 0x14000 LibClamAV debug: VirtualAddress: 0x75000 0x75000 LibClamAV debug: SizeOfRawData: 0x13400 0x13400 LibClamAV debug: PointerToRawData: 0x74000 0x74000 LibClamAV debug: ------------------------------------ LibClamAV debug: Section 2 LibClamAV debug: Section name: .data LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0xfce8 0x10000 LibClamAV debug: VirtualAddress: 0x89000 0x89000 LibClamAV debug: SizeOfRawData: 0xa600 0xa600 LibClamAV debug: PointerToRawData: 0x87400 0x87400 LibClamAV debug: Section's memory is writeable LibClamAV debug: ------------------------------------ LibClamAV debug: Section 3 LibClamAV debug: Section name: .rsrc LibClamAV debug: Section data (from headers - in memory) LibClamAV debug: VirtualSize: 0x4dcf0 0x4e000 LibClamAV debug: VirtualAddress: 0x99000 0x99000 LibClamAV debug: SizeOfRawData: 0x4de00 0x4de00 LibClamAV debug: PointerToRawData: 0x91a00 0x91a00 LibClamAV debug: ------------------------------------ LibClamAV debug: EntryPoint offset: 0x553c3 (349123) LibClamAV debug: Bytecode executing hook id 259 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: Bytecode executing hook id 257 (0 hooks) LibClamAV debug: Bytecode: no logical signature matched, no bytecode executed LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 2f60b47aa5ff8931c786fbe0eafc657e (level 0) LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 0fcad0a2051bd0dfc8222694a41e2f86 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 8eaa9787edb074abdfaa93e15c33a8e2 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-470beaa621ba7f8ab11b9eebb01311eb.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] LibClamAV debug: cli_untar: Checksum 4760 is valid. LibClamAV debug: cli_untar: size = 1539 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1539:clam01.tgz:1539:1539:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-470beaa621ba7f8ab11b9eebb01311eb.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: cli_untar: pos = 2560 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 86b9faab66dfbb5494f02098de233337 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 1fd8b88265ce3f5f609112d1d7290360 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-d7b20f3132f0f00e4dc187f3920d1abf.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] LibClamAV debug: cli_untar: Checksum 4760 is valid. LibClamAV debug: cli_untar: size = 1362 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1362:clam02.tgz:1362:1362:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-d7b20f3132f0f00e4dc187f3920d1abf.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 3fd6edd55afc9ffd1b1b3a14037d318d is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 4686aa63b54275d9291460aeb43112fc is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-8753010eeaafce058765c6e41796474d.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4761, [11231 in octal] LibClamAV debug: cli_untar: Checksum 4761 is valid. LibClamAV debug: cli_untar: size = 1184 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1184:clam03.tgz:1184:1184:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-8753010eeaafce058765c6e41796474d.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 6/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: eefe348a7f2bbb93457c7542f2d25d40 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: c7035dd4361509ca567acf285f9cae7d is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-5d87df0b5227f32091ddea76d8ffaadf.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4762, [11232 in octal] LibClamAV debug: cli_untar: Checksum 4762 is valid. LibClamAV debug: cli_untar: size = 1028 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1028:clam04.tgz:1028:1028:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-5d87df0b5227f32091ddea76d8ffaadf.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 8/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: ae187a29a2985e38431a78c6af659c36 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: c465b8291b2cfe4dbc1c457feef5364a is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7d7c413346b2efd722077a18fd6ff436.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4763, [11233 in octal] LibClamAV debug: cli_untar: Checksum 4763 is valid. LibClamAV debug: cli_untar: size = 844 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:844:clam05.tgz:844:844:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-7d7c413346b2efd722077a18fd6ff436.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 10/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: f81648d0166b550d74b5972632035215 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 11/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 97e0ec966bce0ed5368f7abd66a8a566 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-592c7ec84c76c33252d8e6d666eaeccf.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4771, [11243 in octal] LibClamAV debug: cli_untar: Checksum 4771 is valid. LibClamAV debug: cli_untar: size = 694 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:694:clam06.tgz:694:694:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-592c7ec84c76c33252d8e6d666eaeccf.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 12/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 229f703eda82655237de5742b71337e3 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 13/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 14ee5843e6c9e23c48e0a4c72f1b0055 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4e25e544627af11bb9b23049b302286c.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4764, [11234 in octal] LibClamAV debug: cli_untar: Checksum 4764 is valid. LibClamAV debug: cli_untar: size = 550 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:550:clam07.tgz:550:550:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-4e25e544627af11bb9b23049b302286c.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 14/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: a9d25b35786e3a86e7d95e5b6af41544 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 15/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 9c2ea61e882349220e49b33a56b4ac08 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-bbf3a4a5b3daae92b82b87f8137202b6.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4773, [11245 in octal] LibClamAV debug: cli_untar: Checksum 4773 is valid. LibClamAV debug: cli_untar: size = 389 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:389:clam08.tgz:389:389:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-bbf3a4a5b3daae92b82b87f8137202b6.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: in cli_magic_scandesc (reclevel: 16/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 497c54d7262dc2c8b74fd3eb327099c5 is negative LibClamAV debug: cli_magic_scandesc: Hit recursion limit, only scanning raw file LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: emax_reached: marked parents as non cacheable LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 9c2ea61e882349220e49b33a56b4ac08 (level 15) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: a9d25b35786e3a86e7d95e5b6af41544 (level 14) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 14ee5843e6c9e23c48e0a4c72f1b0055 (level 13) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 229f703eda82655237de5742b71337e3 (level 12) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 97e0ec966bce0ed5368f7abd66a8a566 (level 11) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: f81648d0166b550d74b5972632035215 (level 10) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: c465b8291b2cfe4dbc1c457feef5364a (level 9) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: ae187a29a2985e38431a78c6af659c36 (level 8) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: c7035dd4361509ca567acf285f9cae7d (level 7) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: eefe348a7f2bbb93457c7542f2d25d40 (level 6) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 4686aa63b54275d9291460aeb43112fc (level 5) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 3fd6edd55afc9ffd1b1b3a14037d318d (level 4) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 1fd8b88265ce3f5f609112d1d7290360 (level 3) LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cli_magic_scandesc: returning 0 at line 2772 LibClamAV debug: cache_add: 86b9faab66dfbb5494f02098de233337 (level 2) LibClamAV debug: cli_untar: Candidate checksum = 4760, [11230 in octal] LibClamAV debug: cli_untar: Checksum 4760 is valid. LibClamAV debug: cli_untar: size = 1362 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1362:clam02.tgz:1362:1362:0:2:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-470beaa621ba7f8ab11b9eebb01311eb.tmp/tar02 LibClamAV debug: cli_untar: pos = 3072 LibClamAV debug: cli_untar: pos = 3584 LibClamAV debug: cli_untar: pos = 4096 LibClamAV debug: cli_untar: pos = 4608 LibClamAV debug: in cli_magic_scandesc (reclevel: 2/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 3fd6edd55afc9ffd1b1b3a14037d318d is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 3/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 4686aa63b54275d9291460aeb43112fc is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-55a438eca5b9e52d10c8abdedebb604d.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4761, [11231 in octal] LibClamAV debug: cli_untar: Checksum 4761 is valid. LibClamAV debug: cli_untar: size = 1184 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1184:clam03.tgz:1184:1184:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-55a438eca5b9e52d10c8abdedebb604d.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 4/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: eefe348a7f2bbb93457c7542f2d25d40 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 5/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: c7035dd4361509ca567acf285f9cae7d is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-89d8eac7c22701b43a6eede017843d86.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4762, [11232 in octal] LibClamAV debug: cli_untar: Checksum 4762 is valid. LibClamAV debug: cli_untar: size = 1028 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:1028:clam04.tgz:1028:1028:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-89d8eac7c22701b43a6eede017843d86.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: cli_untar: pos = 2048 LibClamAV debug: in cli_magic_scandesc (reclevel: 6/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: ae187a29a2985e38431a78c6af659c36 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 7/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: c465b8291b2cfe4dbc1c457feef5364a is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-037c46d76f0a5280886a79195b7d3dd5.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4763, [11233 in octal] LibClamAV debug: cli_untar: Checksum 4763 is valid. LibClamAV debug: cli_untar: size = 844 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:844:clam05.tgz:844:844:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-037c46d76f0a5280886a79195b7d3dd5.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 8/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: f81648d0166b550d74b5972632035215 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 9/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 97e0ec966bce0ed5368f7abd66a8a566 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e993f4c4ea621cb203dc7522c339e16e.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4771, [11243 in octal] LibClamAV debug: cli_untar: Checksum 4771 is valid. LibClamAV debug: cli_untar: size = 694 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:694:clam06.tgz:694:694:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-e993f4c4ea621cb203dc7522c339e16e.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 10/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 229f703eda82655237de5742b71337e3 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 11/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 14ee5843e6c9e23c48e0a4c72f1b0055 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a80c8611a7433053e805aab615da747b.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4764, [11234 in octal] LibClamAV debug: cli_untar: Checksum 4764 is valid. LibClamAV debug: cli_untar: size = 550 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:550:clam07.tgz:550:550:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-a80c8611a7433053e805aab615da747b.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 12/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: a9d25b35786e3a86e7d95e5b6af41544 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 13/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 9c2ea61e882349220e49b33a56b4ac08 is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-ffc145565a50778cc929fec965892dd4.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4773, [11245 in octal] LibClamAV debug: cli_untar: Checksum 4773 is valid. LibClamAV debug: cli_untar: size = 389 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:389:clam08.tgz:389:389:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-ffc145565a50778cc929fec965892dd4.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: in cli_magic_scandesc (reclevel: 14/16) LibClamAV debug: Recognized GZip file LibClamAV debug: cache_check: 497c54d7262dc2c8b74fd3eb327099c5 is negative LibClamAV debug: in cli_scangzip() LibClamAV debug: in cli_magic_scandesc (reclevel: 15/16) LibClamAV debug: Recognized TAR-POSIX file LibClamAV debug: cache_check: 563085e0481c6f7826f74c3fe04dce6c is negative LibClamAV debug: in cli_scantar() LibClamAV debug: In untar(/var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-6407589f87237b6856f67b287cdf218c.tmp) LibClamAV debug: cli_untar: pos = 0 LibClamAV debug: cli_untar: Candidate checksum = 4645, [11045 in octal] LibClamAV debug: cli_untar: Checksum 4645 is valid. LibClamAV debug: cli_untar: size = 544 LibClamAV debug: CDBNAME:CL_TYPE_POSIX_TAR:544:clam.exe:544:544:0:1:0:(nil) LibClamAV debug: cli_untar: extracting to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-6407589f87237b6856f67b287cdf218c.tmp/tar01 LibClamAV debug: cli_untar: pos = 512 LibClamAV debug: cli_untar: pos = 1024 LibClamAV debug: cli_untar: pos = 1536 LibClamAV debug: in cli_magic_scandesc (reclevel: 16/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: cli_magic_scandesc: Hit recursion limit, only scanning raw file LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found in descriptor 20 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: GZip: Infected with ClamAV-Test-File.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized binary data LibClamAV debug: cache_check: 85831fa179ee6d3a2417a9c10506813e is negative LibClamAV debug: in cli_check_mydoom_log() LibClamAV debug: Matched signature for file type ISO9660 LibClamAV debug: Matched signature for file type PE LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ISO9660 signature found at 32768 LibClamAV debug: in cli_scaniso LibClamAV debug: cli_scaniso: Raw sector size: 2048 LibClamAV debug: cli_scaniso: Block size: 2048 LibClamAV debug: cli_scaniso: Volume descriptor version: 1 LibClamAV debug: cli_scaniso: System: LINUX LibClamAV debug: cli_scaniso: Volume: CDROM LibClamAV debug: cli_scaniso: Volume space size: 0xb7 blocks LibClamAV debug: cli_scaniso: Volume 1 of 1 LibClamAV debug: cli_scaniso: Volume Set: LibClamAV debug: cli_scaniso: Publisher: LibClamAV debug: cli_scaniso: Data Preparer: LibClamAV debug: cli_scaniso: Application: GENISOIMAGE ISO 9660_HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE LibClamAV debug: cli_scaniso: Volume creation time: 2011-11-22 19:05:01 LibClamAV debug: cli_scaniso: Volume modification time: 2011-11-22 19:05:01 LibClamAV debug: cli_scaniso: Volume expiration time: 0000-00-00 00:00:00 LibClamAV debug: cli_scaniso: Volume effective time: 2011-11-22 19:05:01 LibClamAV debug: cli_scaniso: Path table size: 0x32 LibClamAV debug: cli_scaniso: LSB Path Table: 0x18 LibClamAV debug: cli_scaniso: Opt LSB Path Table: 0x0 LibClamAV debug: cli_scaniso: MSB Path Table: 0x1a LibClamAV debug: cli_scaniso: Opt MSB Path Table: 0x0 LibClamAV debug: cli_scaniso: File Structure Version: 1 LibClamAV debug: cli_scaniso: Joliet level 3 LibClamAV debug: iso_parse_dir: Directory 'long_dir_is_long': off 1f - size 800 - flags 2 - unit size 0 - gap size 0 - volume 1 LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:2048:long_dir_is_long:2048:2048:0:0:0:(nil) LibClamAV debug: iso_parse_dir: File 'clam_exe_with_a_long_name.exe': off 20 - size 220 - flags 0 - unit size 0 - gap size 0 - volume 1 LibClamAV debug: CDBNAME:CL_TYPE_ISO9660:544:clam_exe_with_a_long_name.exe:544:544:0:0:0:(nil) LibClamAV debug: iso_scan_file: dumping to /var/tmp/portage/app-antivirus/clamav-0.100.0/temp/clamav-096f72cb3567cead5a865b3a4f607ba9.tmp LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16) LibClamAV debug: Recognized MS-EXE/DLL file LibClamAV debug: cache_check: aa15bcf478d165efd2065190eb473bcb is negative LibClamAV debug: in cli_peheader LibClamAV debug: Matched signature for file type PE LibClamAV debug: FP SIGNATURE: aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File.UNOFFICIAL LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: hashtab: Freeing hashset, elements: 2, capacity: 1024 LibClamAV debug: ClamAV-Test-File.UNOFFICIAL found LibClamAV debug: cli_magic_scandesc: returning 1 at line 2772 LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Freeing phishcheck struct LibClamAV debug: Phishcheck cleaned up LibClamAV debug: entconv: Destroying iconv pool:0x5f210 LibClamAV debug: entconv: closing iconv:0x5eeb0 LibClamAV debug: entconv: closing iconv:0x60a00 ------------------------------------------------------------------------------- /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-aspack.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-fsg.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-mew.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-nsis.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-pespin.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-petite.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-upack.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-upx.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-v2.rar: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-v3.rar: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-wwpack.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-yc.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.7z: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.arj: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.bin-be.cpio: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.bin-le.cpio: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.bz2.zip: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.d64.zip: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.ea05.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.ea06.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.binhex: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.bz2: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.html: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.mbox.base64: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.mbox.uu: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.rtf: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.szdd: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.impl.zip: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.iso: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.mail: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.newc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.odc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.ole.doc: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.pdf: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.ppt: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.sis: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.tar.gz: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.tnef: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.zip: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_IScab_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_IScab_int.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_cache_emax.tgz: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clamjol.iso: ClamAV-Test-File.UNOFFICIAL FOUND ----------- SCAN SUMMARY ----------- Known viruses: 1 Engine version: 0.100.0 Scanned directories: 0 Scanned files: 48 Infected files: 45 Data scanned: 14.21 MB Data read: 6.91 MB (ratio 2.06:1) Time: 5.938 sec (0 m 5 s) *** *** clamscan didn't detect all testfiles correctly *** FAIL: check2_clamd.sh ===================== -------------------------------------- /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-aspack.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-fsg.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-mew.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-nsis.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-pespin.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-petite.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-upack.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-upx.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-v2.rar: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-v3.rar: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-wwpack.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam-yc.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.7z: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.arj: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.bin-be.cpio: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.bin-le.cpio: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.bz2.zip: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.cab: OK /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.chm: OK /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.d64.zip: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.ea05.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.ea06.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.binhex: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.bz2: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.html: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.mbox.base64: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.mbox.uu: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.rtf: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.exe.szdd: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.impl.zip: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.iso: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.mail: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.newc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.odc.cpio: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.ole.doc: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.pdf: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.ppt: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.sis: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.tar.gz: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.tnef: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam.zip: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_IScab_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_IScab_int.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_ext.exe: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_ISmsi_int.exe: OK /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clam_cache_emax.tgz: ClamAV-Test-File.UNOFFICIAL FOUND /var/tmp/portage/app-antivirus/clamav-0.100.0/work/clamav-0.100.0/unit_tests/../test/clamjol.iso: ClamAV-Test-File.UNOFFICIAL FOUND ----------- SCAN SUMMARY ----------- Infected files: 45 Time: 5.902 sec (0 m 5 s) *** *** clamd did not detect all testfiles correctly! *** SKIP: check5_clamd_vg.sh ======================== *** valgrind tests skipped by default, use 'make check VG=1' to activate SKIP: check6_clamd_vg.sh ======================== *** valgrind tests skipped by default, use 'make check VG=1' to activate SKIP: check7_clamd_hg.sh ======================== SKIP: check8_clamd_hg.sh ======================== *** valgrind tests skipped by default, use 'make check VG=1' to activate SKIP: check9_clamscan_vg.sh =========================== *** valgrind tests skipped by default, use 'make check VG=1' to activate