| LibClamAV Warning: ************************************************** |
| LibClamAV Warning: *** The virus database is older than 7 days! *** |
| LibClamAV Warning: *** Please update it as soon as possible. *** |
| LibClamAV Warning: ************************************************** |
| Initializing the engine (devel-20071218) |
| |
| Initializing phishcheck module |
| |
| Phishcheck: Compiling regex: %s |
| |
| Phishcheck: Compiling regex: %s |
| |
| Phishcheck: Compiling regex: %s |
| |
| Phishcheck: Compiling regex: %s |
| |
| Phishcheck: Compiling regex: %s |
| |
| Phishcheck: Compiling regex: %s |
| |
| Phishcheck module initialized |
| |
| cli_loaddbdir: Acquiring dbdir lock |
| |
| Loading databases from %s |
| |
| in cli_cvdload() |
| |
| MD5(.tar.gz) = %s |
| |
| in cli_untgz() |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_untgz: Unpacking %s |
| |
| cli_loaddbdir: Acquiring dbdir lock |
| |
| Loading databases from %s |
| |
| %s loaded |
| |
| Initializing engine->root[%d] |
| |
| Initialising AC pattern matcher of root[%d] |
| |
| cli_initroots: Initializing BM tables of root[%d] |
| |
| Initializing engine->root[%d] |
| |
| Initialising AC pattern matcher of root[%d] |
| |
| cli_initroots: Initializing BM tables of root[%d] |
| |
| Initializing engine->root[%d] |
| |
| Initialising AC pattern matcher of root[%d] |
| |
| cli_initroots: Initializing BM tables of root[%d] |
| |
| Initializing engine->root[%d] |
| |
| Initialising AC pattern matcher of root[%d] |
| |
| cli_initroots: Initializing BM tables of root[%d] |
| |
| Initializing engine->root[%d] |
| |
| Initialising AC pattern matcher of root[%d] |
| |
| cli_initroots: Initializing BM tables of root[%d] |
| |
| Initializing engine->root[%d] |
| |
| Initialising AC pattern matcher of root[%d] |
| |
| cli_initroots: Initializing BM tables of root[%d] |
| |
| Initializing engine->root[%d] |
| |
| Initialising AC pattern matcher of root[%d] |
| |
| cli_initroots: Initializing BM tables of root[%d] |
| |
| %s loaded |
| |
| cli_loadmd5: Initializing MD5 list structure |
| |
| %s loaded |
| |
| %s loaded |
| |
| %s skipped |
| |
| %s loaded |
| |
| %s skipped |
| |
| %s loaded |
| |
| %s skipped |
| |
| Loading regex_list |
| |
| regex_list: Initialising AC pattern matcher |
| |
| Building regex list |
| |
| %s loaded |
| |
| Loading regex_list |
| |
| regex_list: Initialising AC pattern matcher |
| |
| Building regex list |
| |
| %s loaded |
| |
| %s loaded |
| |
| %s loaded |
| |
| Dynamic engine configuration settings: |
| |
| -------------------------------------- |
| |
| Module PE: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| Module ELF: %s |
| |
| Module ARCHIVE: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| Module DOCUMENT: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| Module MAIL: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| Module OTHER: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| Module PHISHING %s |
| |
| * Submodule %10s: %s |
| |
| * Submodule %10s: %s |
| |
| Scanning clam.cab |
| Recognized %s file |
| |
| in cli_scanmscab() |
| |
| CAB: -------------- Cabinet file ---------------- |
| |
| CAB: Cabinet length: %u |
| |
| CAB: Folders: %u |
| |
| CAB: Files: %u |
| |
| CAB: File format version: %u.%u |
| |
| CAB: Folder record %u |
| |
| CAB: Folder offset: %u |
| |
| CAB: Folder compression method: %d |
| |
| CAB: File record %u |
| |
| CAB: File name: %s |
| |
| CAB: File offset: %u |
| |
| CAB: File folder index: %u |
| |
| CAB: File attribs: 0x%x |
| |
| CAB: * file modified since last backup |
| |
| CAB: Extracting file %s to %s, size %u |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| clam.cab: OK |
| Scanning clamdoc.tar.gz |
| Recognized %s file |
| |
| in cli_scangzip() |
| |
| Recognized POSIX tar file |
| |
| in cli_scantar() |
| |
| In untar(%s, %d) |
| |
| cli_untar: size = %d |
| |
| cli_untar: extracting %s |
| |
| Recognized %s file |
| |
| in cli_pdf(%s) |
| |
| cli_pdf: scanning %lu bytes |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| Length is in indirect obj %ld |
| |
| length in '%s' %ld |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: writing %lu bytes from the stream |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d |
| |
| cli_pdf: flatedecode %lu bytes |
| |
| cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u) |
| |
| cli_pdf: extracted file %d to %s |
| |
| cli_pdf: returning %d |
| |
| Recognized %s file |
| |
| in cli_check_jpeg_exploit() |
| |
| clamdoc.tar.gz: OK |
| Scanning clam.exe |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| clam.exe: OK |
| Scanning clam.exe.bz2 |
| Recognized %s file |
| |
| clam.exe.bz2: OK |
| Scanning clam-v2.rar |
| LibClamAV Warning: RAR code not compiled-in |
| Recognized %s file |
| |
| clam-v2.rar: OK |
| Scanning clam-v3.rar |
| LibClamAV Warning: RAR code not compiled-in |
| Recognized %s file |
| |
| clam-v3.rar: OK |
| Scanning clam.zip |
| Recognized %s file |
| |
| in scanzip() |
| |
| Unzip: __zip_find_disk_trailer: found file header at %u, shift %u |
| |
| Zip: %s, crc32: 0x%x, offset: %u, encrypted: %u, compressed: %u, normal: %u, method: %u, ratio: %u (max: %u) |
| |
| Zip: File decompressed to %s |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| Matched signature for file type %s at %u |
| |
| clam.zip: OK |
| Scanning README |
| README: OK |
| Scanning Doc11.rtf |
| Recognized %s file |
| |
| in cli_scanrtf() |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Recognized %s file |
| |
| in cli_scanole2() |
| |
| in cli_ole2_extract() |
| |
| mmap'ed file |
| |
| |
| Magic: 0x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| |
| |
| CLSID: { |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| } |
| |
| Minor version: 0x%x |
| |
| DLL version: 0x%x |
| |
| Byte Order: %d |
| |
| Big Block Size: %i |
| |
| Small Block Size: %i |
| |
| BAT count: %d |
| |
| Prop start: %d |
| |
| SBAT cutoff: %d |
| |
| SBat start: %d |
| |
| SBat block count: %d |
| |
| XBat start: %d |
| |
| XBat block count: %d |
| |
| |
| Max block number: %lu |
| |
| %34s |
| [root] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| macro offset: 0x%.4x |
| |
| macro len: 0x%.4x |
| |
| |
| read macro_info failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| Doc11.rtf: OK |
| Scanning Doc1.rtf |
| Recognized %s file |
| |
| in cli_scanrtf() |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Decoding ole object |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Decoding ole object |
| |
| Small data (%u bytes) |
| |
| Doc1.rtf: OK |
| Scanning Doc22.rtf |
| Recognized %s file |
| |
| in cli_scanrtf() |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Recognized %s file |
| |
| in cli_scanole2() |
| |
| in cli_ole2_extract() |
| |
| mmap'ed file |
| |
| |
| Magic: 0x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| |
| |
| CLSID: { |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| } |
| |
| Minor version: 0x%x |
| |
| DLL version: 0x%x |
| |
| Byte Order: %d |
| |
| Big Block Size: %i |
| |
| Small Block Size: %i |
| |
| BAT count: %d |
| |
| Prop start: %d |
| |
| SBAT cutoff: %d |
| |
| SBat start: %d |
| |
| SBat block count: %d |
| |
| XBat start: %d |
| |
| XBat block count: %d |
| |
| |
| Max block number: %lu |
| |
| %34s |
| [root] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| macro offset: 0x%.4x |
| |
| macro len: 0x%.4x |
| |
| |
| read macro_info failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| Doc22.rtf: OK |
| Scanning Doc2.rtf |
| Recognized %s file |
| |
| in cli_scanrtf() |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Recognized %s file |
| |
| in cli_scanole2() |
| |
| in cli_ole2_extract() |
| |
| mmap'ed file |
| |
| |
| Magic: 0x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| |
| |
| CLSID: { |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| } |
| |
| Minor version: 0x%x |
| |
| DLL version: 0x%x |
| |
| Byte Order: %d |
| |
| Big Block Size: %i |
| |
| Small Block Size: %i |
| |
| BAT count: %d |
| |
| Prop start: %d |
| |
| SBAT cutoff: %d |
| |
| SBat start: %d |
| |
| SBat block count: %d |
| |
| XBat start: %d |
| |
| XBat block count: %d |
| |
| |
| Max block number: %lu |
| |
| %34s |
| [root] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| macro offset: 0x%.4x |
| |
| macro len: 0x%.4x |
| |
| |
| read macro_info failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| Doc2.rtf: OK |
| Scanning doc3.rtf |
| Recognized %s file |
| |
| in cli_scanrtf() |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Recognized %s file |
| |
| in cli_scanole2() |
| |
| in cli_ole2_extract() |
| |
| mmap'ed file |
| |
| |
| Magic: 0x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| |
| |
| CLSID: { |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| } |
| |
| Minor version: 0x%x |
| |
| DLL version: 0x%x |
| |
| Byte Order: %d |
| |
| Big Block Size: %i |
| |
| Small Block Size: %i |
| |
| BAT count: %d |
| |
| Prop start: %d |
| |
| SBAT cutoff: %d |
| |
| SBat start: %d |
| |
| SBat block count: %d |
| |
| XBat start: %d |
| |
| XBat block count: %d |
| |
| |
| Max block number: %lu |
| |
| %34s |
| [root] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [dir ] |
| b |
| 0x%.8x 0x%.8x |
| |
| OLE2 dir entry: %s |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| macro offset: 0x%.4x |
| |
| macro len: 0x%.4x |
| |
| |
| read macro_info failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| macro offset: 0x%.4x |
| |
| macro len: 0x%.4x |
| |
| |
| read macro_info failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| Open WordDocument failed |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| doc3.rtf: OK |
| Scanning docCLAMexe.rtf |
| Recognized %s file |
| |
| in cli_scanrtf() |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Decoding ole object |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Decoding ole object |
| |
| Small data (%u bytes) |
| |
| docCLAMexe.rtf: OK |
| Scanning rtf1.rtf |
| Recognized %s file |
| |
| in cli_scanrtf() |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Decoding ole object |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Decoding ole object |
| |
| Small data (%u bytes) |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Decoding ole object |
| |
| Recognized %s file |
| |
| e_lfanew == %d |
| |
| Machine type: 80386 |
| |
| NumberOfSections: %d |
| |
| TimeDateStamp: %s |
| SizeOfOptionalHeader: %x |
| |
| File format: PE |
| |
| MajorLinkerVersion: %d |
| |
| MinorLinkerVersion: %d |
| |
| SizeOfCode: 0x%x |
| |
| SizeOfInitializedData: 0x%x |
| |
| SizeOfUninitializedData: 0x%x |
| |
| AddressOfEntryPoint: 0x%x |
| |
| BaseOfCode: 0x%x |
| |
| SectionAlignment: 0x%x |
| |
| FileAlignment: 0x%x |
| |
| MajorSubsystemVersion: %d |
| |
| MinorSubsystemVersion: %d |
| |
| SizeOfImage: 0x%x |
| |
| SizeOfHeaders: 0x%x |
| |
| NumberOfRvaAndSizes: %d |
| |
| Subsystem: Win32 GUI |
| |
| ------------------------------------ |
| |
| Section %d |
| |
| Section name: %s |
| |
| Section data (from headers - in memory) |
| |
| VirtualSize: 0x%x 0x%x |
| |
| VirtualAddress: 0x%x 0x%x |
| |
| SizeOfRawData: 0x%x 0x%x |
| |
| PointerToRawData: 0x%x 0x%x |
| |
| Section's memory is writeable |
| |
| ------------------------------------ |
| |
| EntryPoint offset: 0x%x (%d) |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Decoding ole object |
| |
| Small data (%u bytes) |
| |
| rtf1.rtf: OK |
| Scanning rtf-novirus.rtf |
| Recognized %s file |
| |
| in cli_scanrtf() |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Recognized %s file |
| |
| in cli_scanole2() |
| |
| in cli_ole2_extract() |
| |
| mmap'ed file |
| |
| |
| Magic: 0x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| |
| |
| CLSID: { |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| } |
| |
| Minor version: 0x%x |
| |
| DLL version: 0x%x |
| |
| Byte Order: %d |
| |
| Big Block Size: %i |
| |
| Small Block Size: %i |
| |
| BAT count: %d |
| |
| Prop start: %d |
| |
| SBAT cutoff: %d |
| |
| SBat start: %d |
| |
| SBat block count: %d |
| |
| XBat start: %d |
| |
| XBat block count: %d |
| |
| |
| Max block number: %lu |
| |
| %34s |
| [root] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| No macros detected |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| RTF: waiting for magic |
| |
| RTF: description length:%lu |
| |
| RTF: in WAIT_DESC |
| |
| Preparing to dump rtf embedded object, description:%s |
| |
| RTF: next state: wait_data_size |
| |
| RTF: in WAIT_DATA_SIZE |
| |
| Dumping rtf embedded object of size:%lu |
| |
| RTF: next state: DUMP_DATA |
| |
| RTF:Scanning embedded object:%s |
| |
| Recognized %s file |
| |
| in cli_scanole2() |
| |
| in cli_ole2_extract() |
| |
| mmap'ed file |
| |
| |
| Magic: 0x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| |
| |
| CLSID: { |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| %x |
| } |
| |
| Minor version: 0x%x |
| |
| DLL version: 0x%x |
| |
| Byte Order: %d |
| |
| Big Block Size: %i |
| |
| Small Block Size: %i |
| |
| BAT count: %d |
| |
| Prop start: %d |
| |
| SBAT cutoff: %d |
| |
| SBat start: %d |
| |
| SBat block count: %d |
| |
| XBat start: %d |
| |
| XBat block count: %d |
| |
| |
| Max block number: %lu |
| |
| %34s |
| [root] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| b |
| 0x%.8x 0x%.8x |
| |
| %34s |
| [file] |
| r |
| 0x%.8x 0x%.8x |
| |
| VBADir: %s |
| |
| in vba56_dir_read() |
| |
| Can't open %s |
| |
| Open PowerPoint Document failed |
| |
| No macros detected |
| |
| RTF: waiting for magic |
| |
| Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu |
| |
| rtf-novirus.rtf: OK |
| Cleaning up phishcheck |
| |
| Freeing phishcheck struct |
| |
| Phishcheck cleaned up |
| |
| |
| ----------- SCAN SUMMARY ----------- |
| Known viruses: 19590 |
| Engine version: devel-20071218 |
| Scanned directories: 0 |
| Scanned files: 16 |
| Infected files: 0 |
| Data scanned: 1.89 MB |
| exit 0 |