#352 Clamwin 0.88.7 seems not to detect W97M.Marker macro virus

open
alch
Scanner (176)
5
2012-09-05
2007-01-06
Marshall Jose
No

OS is WinXP, all updates applied.

Output of clamscan.exe with the --debug option follows.

C:\Program Files\ClamWin\bin>clamscan --debug -r --database "C:\Documents and Settings\All Users.clamwin\db" "C:\docs\macro_virus_test.doc"
LibClamAV debug: Loading databases from C:\Documents and Settings\All Users.clamwin\db
LibClamAV debug: Loading C:\Documents and Settings\All Users.clamwin\db/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 55540978b1396bc6625de475c1ff4398
LibClamAV debug: Decoded signature: 55540978b1396bc6625de475c1ff4398
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/COPYING
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.db
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.hdb
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.ndb
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.zmd
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.fp
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.info
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.pdb
LibClamAV debug: Loading databases from C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.db
LibClamAV debug: Initializing main node
LibClamAV debug: Initializing trie
LibClamAV debug: Initializing BM tables
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.fp
LibClamAV debug: Initializing md5 list structure
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.hdb
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.ndb
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-2797787546aad6e2b7613574d4168a96.00000cec.clamtmp/daily.zmd
LibClamAV debug: Loading C:\Documents and Settings\All Users.clamwin\db/main.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = eb2702736e04b00af9ba46c9e2e3b95d
LibClamAV debug: Decoded signature: eb2702736e04b00af9ba46c9e2e3b95d
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/COPYING
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.db
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.hdb
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.ndb
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.zmd
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.fp
LibClamAV debug: Unpacking C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.info
LibClamAV debug: Loading databases from C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.db
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.fp
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.hdb
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.ndb
LibClamAV debug: Loading C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-a8563d428fd0bee947a2368c1cca4882.00000cec.clamtmp/main.zmd
LibClamAV debug: Recognized OLE2 container file
LibClamAV debug: in cli_scanmscab()
LibClamAV debug: MSCAB: I/O error or no valid cabinets found
LibClamAV debug: in cli_scanole2()
LibClamAV debug: in cli_ole2_extract()
LibClamAV debug: mmap'ed file
LibClamAV debug:
Magic: 0xLibClamAV debug: d0LibClamAV debug: cfLibClamAV debug: 11LibClamAV debug: e0LibClamAV debug: a1LibClamAV debug: b1LibClamAV debug: 1aLibClamAV debug: e1LibClamAV debug:LibClamAV debug: CLSID: {LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: 0 LibClamAV debug: }
LibClamAV debug: Minor version: 0x3e
LibClamAV debug: DLL version: 0x3
LibClamAV debug: Byte Order: -2
LibClamAV debug: Big Block Size: 9
LibClamAV debug: Small Block Size: 6
LibClamAV debug: BAT count: 1
LibClamAV debug: Prop start: 33
LibClamAV debug: SBAT cutoff: 4096
LibClamAV debug: SBat start: 35
LibClamAV debug: SBat block count: 1
LibClamAV debug: XBat start: -2
LibClamAV debug: XBat block count: 0

LibClamAV debug: Root Entry LibClamAV debug: [root] LibClamAV debug: b LibClamAV debug: 4224 0
LibClamAV debug: _5_SummaryInformation LibClamAV debug: [file] LibClamAV debug: b LibClamAV debug: 4096 0
LibClamAV debug: WordDocument LibClamAV debug: [file] LibClamAV debug: b LibClamAV debug: 4096 0
LibClamAV debug: Macros LibClamAV debug: [dir ] LibClamAV debug: r LibClamAV debug: 0 0
LibClamAV debug: OLE2 dir entry: C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000005
LibClamAV debug: 1Table LibClamAV debug: [file] LibClamAV debug: b LibClamAV debug: 4096 0
LibClamAV debug: _1_CompObj LibClamAV debug: [file] LibClamAV debug: b LibClamAV debug: 106 0
LibClamAV debug: ObjectPool LibClamAV debug: [dir ] LibClamAV debug: r LibClamAV debug: 0 0
LibClamAV debug: OLE2 dir entry: C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000013
LibClamAV debug: PROJECT LibClamAV debug: [file] LibClamAV debug: b LibClamAV debug: 365 0
LibClamAV debug: VBA LibClamAV debug: [dir ] LibClamAV debug: r LibClamAV debug: 0 0
LibClamAV debug: OLE2 dir entry: C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000005/000006
LibClamAV debug: ThisDocument LibClamAV debug: [file] LibClamAV debug: b LibClamAV debug: 13057 0
LibClamAV debug: dir LibClamAV debug: [file] LibClamAV debug: r LibClamAV debug: 501 0
LibClamAV debug: _VBA_PROJECT LibClamAV debug: [file] LibClamAV debug: r LibClamAV debug: 3115 0
LibClamAV debug: PROJECTwm LibClamAV debug: [file] LibClamAV debug: r LibClamAV debug: 41 0
LibClamAV debug: _5_DocumentSummaryInformation LibClamAV debug: [file] LibClamAV debug: b LibClamAV debug: 4096 0
LibClamAV debug: VBADir: C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp
LibClamAV debug: in vba56_dir_read()
LibClamAV debug: Can't open C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/_VBA_PROJECT
LibClamAV debug: Open PowerPoint Document failed
LibClamAV debug: Open WordDocument failed
LibClamAV debug: VBADir: C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000005
LibClamAV debug: in vba56_dir_read()
LibClamAV debug: Can't open C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000005/_VBA_PROJECT
LibClamAV debug: Open PowerPoint Document failed
LibClamAV debug: Open WordDocument failed
LibClamAV debug: VBADir: C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000005/000006
LibClamAV debug: in vba56_dir_read()
LibClamAV debug: Can't open C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000005/000006/_VBA_PROJECT
LibClamAV debug: Open PowerPoint Document failed
LibClamAV debug: Open WordDocument failed
LibClamAV debug: VBADir: C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000013
LibClamAV debug: in vba56_dir_read()
LibClamAV debug: Can't open C:\DOCUME~1\M8EBA~1.JOS\LOCALS~1\Temp/clamav-f9d3de84907a83a81644c5e4cc486c7b.00000cec.clamtmp/000013/_VBA_PROJECT
LibClamAV debug: Open PowerPoint Document failed
LibClamAV debug: Open WordDocument failed
LibClamAV debug: Calculated MD5 checksum: ef6463ec9e3d42d3354e0d28b4a472c8
LibClamAV debug: Type: 0, expected: 512 (W97M.Marker.EK)
LibClamAV debug: Type: 0, expected: 512 (W97M.Marker.AZ)
LibClamAV debug: Calculated MD5 checksum: 266b350ae805fd01669b79df40b83f2d
LibClamAV debug: Calculated MD5 checksum: 8cc9793c22aadb9a35f90cc6995c99f1
LibClamAV debug: Calculated MD5 checksum: 4e216fcf1d48a2dc3a489ed5a263d93b
LibClamAV debug: Calculated MD5 checksum: 50affd080678cfdcd0b5fbbd2d9b79f1
LibClamAV debug: Calculated MD5 checksum: c68bbc7f81d8fafff7340f85f94ea1ad
LibClamAV debug: Calculated MD5 checksum: 45da729d93221747f64da6a8464f1a6f
LibClamAV debug: Calculated MD5 checksum: 55b245f1b7a13848a333ceb2c6ad3dc3
LibClamAV debug: Calculated MD5 checksum: f3f26485c539036e5532addb327709c4
LibClamAV debug: Calculated MD5 checksum: 04bb44952a52de825ba5243f71107570
LibClamAV debug: Calculated MD5 checksum: 5c80f6ab2937800a719b3c44f151aef3
C:\docs\macro_virus_test.doc: OK

----------- SCAN SUMMARY -----------
Known viruses: 86098
Engine version: 0.88.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.06 MB
Time: 4.641 sec (0 m 4 s)

C:\Program Files\ClamWin\bin>

Discussion

  • Marshall Jose
    2007-01-06

    Infected msword document

     