clamscan vs. clamscan

Found some Facebook scam in the trashbin today and was curious enough to have a closer look at the attachment:

 $ clamscan Facebook_password_845.zip | head -1
 Facebook_password_845.zip: Suspect.Bredozip-zippwd-3 FOUND

 $ unzip Facebook_password_845.zip 
 $ clamscan Facebook_password_845.exe | head -1
 Facebook_password_845.exe: OK

Huh? The .zip might contain a virus, but not the included .exe file? Could this be some kind of ZIP virus, where only the ZIP part is malicious? No, VirusTotal confirms the infection of the .zip file and also of the .exe file - maybe my ClamAV version is a bit old.