blob: 9aefbe5815529a55700495a5436b21289a80e55c [file] [log] [blame]
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
Initializing the engine (devel-20071218)
Initializing phishcheck module
Phishcheck: Compiling regex: %s
Phishcheck: Compiling regex: %s
Phishcheck: Compiling regex: %s
Phishcheck: Compiling regex: %s
Phishcheck: Compiling regex: %s
Phishcheck: Compiling regex: %s
Phishcheck module initialized
cli_loaddbdir: Acquiring dbdir lock
Loading databases from %s
in cli_cvdload()
MD5(.tar.gz) = %s
in cli_untgz()
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_untgz: Unpacking %s
cli_loaddbdir: Acquiring dbdir lock
Loading databases from %s
%s loaded
Initializing engine->root[%d]
Initialising AC pattern matcher of root[%d]
cli_initroots: Initializing BM tables of root[%d]
Initializing engine->root[%d]
Initialising AC pattern matcher of root[%d]
cli_initroots: Initializing BM tables of root[%d]
Initializing engine->root[%d]
Initialising AC pattern matcher of root[%d]
cli_initroots: Initializing BM tables of root[%d]
Initializing engine->root[%d]
Initialising AC pattern matcher of root[%d]
cli_initroots: Initializing BM tables of root[%d]
Initializing engine->root[%d]
Initialising AC pattern matcher of root[%d]
cli_initroots: Initializing BM tables of root[%d]
Initializing engine->root[%d]
Initialising AC pattern matcher of root[%d]
cli_initroots: Initializing BM tables of root[%d]
Initializing engine->root[%d]
Initialising AC pattern matcher of root[%d]
cli_initroots: Initializing BM tables of root[%d]
%s loaded
cli_loadmd5: Initializing MD5 list structure
%s loaded
%s loaded
%s skipped
%s loaded
%s skipped
%s loaded
%s skipped
Loading regex_list
regex_list: Initialising AC pattern matcher
Building regex list
%s loaded
Loading regex_list
regex_list: Initialising AC pattern matcher
Building regex list
%s loaded
%s loaded
%s loaded
Dynamic engine configuration settings:
--------------------------------------
Module PE: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
Module ELF: %s
Module ARCHIVE: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
Module DOCUMENT: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
Module MAIL: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
Module OTHER: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
* Submodule %10s: %s
Module PHISHING %s
* Submodule %10s: %s
* Submodule %10s: %s
Scanning clam.cab
Recognized %s file
in cli_scanmscab()
CAB: -------------- Cabinet file ----------------
CAB: Cabinet length: %u
CAB: Folders: %u
CAB: Files: %u
CAB: File format version: %u.%u
CAB: Folder record %u
CAB: Folder offset: %u
CAB: Folder compression method: %d
CAB: File record %u
CAB: File name: %s
CAB: File offset: %u
CAB: File folder index: %u
CAB: File attribs: 0x%x
CAB: Extracting file %s to %s, size %u
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
clam.cab: OK
Scanning clamdoc.tar.gz
Recognized %s file
in cli_scangzip()
Recognized POSIX tar file
in cli_scantar()
In untar(%s, %d)
cli_untar: size = %d
cli_untar: extracting %s
Recognized %s file
in cli_pdf(%s)
cli_pdf: scanning %lu bytes
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
Length is in indirect obj %ld
length in '%s' %ld
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: writing %lu bytes from the stream
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d
cli_pdf: flatedecode %lu bytes
cli_pdf: flatedecode in=%lu out=%lu ratio %lu (max %u)
cli_pdf: extracted file %d to %s
cli_pdf: returning %d
Recognized %s file
in cli_check_jpeg_exploit()
clamdoc.tar.gz: OK
Scanning clam.exe
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
clam.exe: OK
Scanning clam.exe.bz2
Recognized %s file
clam.exe.bz2: OK
Scanning clam-v2.rar
LibClamAV Warning: RAR code not compiled-in
Recognized %s file
clam-v2.rar: OK
Scanning clam-v3.rar
LibClamAV Warning: RAR code not compiled-in
Recognized %s file
clam-v3.rar: OK
Scanning clam.zip
Recognized %s file
in scanzip()
Unzip: __zip_find_disk_trailer: found file header at %u, shift %u
Zip: %s, crc32: 0x%x, offset: %u, encrypted: %u, compressed: %u, normal: %u, method: %u, ratio: %u (max: %u)
Zip: File decompressed to %s
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
Matched signature for file type %s at %u
clam.zip: OK
Scanning README
README: OK
Scanning Doc11.rtf
Recognized %s file
in cli_scanrtf()
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Recognized %s file
in cli_scanole2()
in cli_ole2_extract()
mmap'ed file
Magic: 0x
%x
%x
%x
%x
%x
%x
%x
%x
CLSID: {
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
}
Minor version: 0x%x
DLL version: 0x%x
Byte Order: %d
Big Block Size: %i
Small Block Size: %i
BAT count: %d
Prop start: %d
SBAT cutoff: %d
SBat start: %d
SBat block count: %d
XBat start: %d
XBat block count: %d
Max block number: %lu
%34s
[root]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
macro offset: 0x%.4x
macro len: 0x%.4x
read macro_info failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
Doc11.rtf: OK
Scanning Doc1.rtf
Recognized %s file
in cli_scanrtf()
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Decoding ole object
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Decoding ole object
Small data (%u bytes)
Doc1.rtf: OK
Scanning Doc22.rtf
Recognized %s file
in cli_scanrtf()
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Recognized %s file
in cli_scanole2()
in cli_ole2_extract()
mmap'ed file
Magic: 0x
%x
%x
%x
%x
%x
%x
%x
%x
CLSID: {
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
}
Minor version: 0x%x
DLL version: 0x%x
Byte Order: %d
Big Block Size: %i
Small Block Size: %i
BAT count: %d
Prop start: %d
SBAT cutoff: %d
SBat start: %d
SBat block count: %d
XBat start: %d
XBat block count: %d
Max block number: %lu
%34s
[root]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
macro offset: 0x%.4x
macro len: 0x%.4x
read macro_info failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
Doc22.rtf: OK
Scanning Doc2.rtf
Recognized %s file
in cli_scanrtf()
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Recognized %s file
in cli_scanole2()
in cli_ole2_extract()
mmap'ed file
Magic: 0x
%x
%x
%x
%x
%x
%x
%x
%x
CLSID: {
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
}
Minor version: 0x%x
DLL version: 0x%x
Byte Order: %d
Big Block Size: %i
Small Block Size: %i
BAT count: %d
Prop start: %d
SBAT cutoff: %d
SBat start: %d
SBat block count: %d
XBat start: %d
XBat block count: %d
Max block number: %lu
%34s
[root]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
macro offset: 0x%.4x
macro len: 0x%.4x
read macro_info failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
Doc2.rtf: OK
Scanning doc3.rtf
Recognized %s file
in cli_scanrtf()
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Recognized %s file
in cli_scanole2()
in cli_ole2_extract()
mmap'ed file
Magic: 0x
%x
%x
%x
%x
%x
%x
%x
%x
CLSID: {
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
}
Minor version: 0x%x
DLL version: 0x%x
Byte Order: %d
Big Block Size: %i
Small Block Size: %i
BAT count: %d
Prop start: %d
SBAT cutoff: %d
SBat start: %d
SBat block count: %d
XBat start: %d
XBat block count: %d
Max block number: %lu
%34s
[root]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[dir ]
b
0x%.8x 0x%.8x
OLE2 dir entry: %s
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
macro offset: 0x%.4x
macro len: 0x%.4x
read macro_info failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
macro offset: 0x%.4x
macro len: 0x%.4x
read macro_info failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
Open WordDocument failed
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
doc3.rtf: OK
Scanning docCLAMexe.rtf
Recognized %s file
in cli_scanrtf()
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Decoding ole object
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Decoding ole object
Small data (%u bytes)
docCLAMexe.rtf: OK
Scanning rtf1.rtf
Recognized %s file
in cli_scanrtf()
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Decoding ole object
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Decoding ole object
Small data (%u bytes)
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Decoding ole object
Recognized %s file
e_lfanew == %d
Machine type: 80386
NumberOfSections: %d
TimeDateStamp: %s
SizeOfOptionalHeader: %x
File format: PE
MajorLinkerVersion: %d
MinorLinkerVersion: %d
SizeOfCode: 0x%x
SizeOfInitializedData: 0x%x
SizeOfUninitializedData: 0x%x
AddressOfEntryPoint: 0x%x
BaseOfCode: 0x%x
SectionAlignment: 0x%x
FileAlignment: 0x%x
MajorSubsystemVersion: %d
MinorSubsystemVersion: %d
SizeOfImage: 0x%x
SizeOfHeaders: 0x%x
NumberOfRvaAndSizes: %d
Subsystem: Win32 GUI
------------------------------------
Section %d
Section name: %s
Section data (from headers - in memory)
VirtualSize: 0x%x 0x%x
VirtualAddress: 0x%x 0x%x
SizeOfRawData: 0x%x 0x%x
PointerToRawData: 0x%x 0x%x
Section's memory is writeable
------------------------------------
EntryPoint offset: 0x%x (%d)
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Decoding ole object
Small data (%u bytes)
rtf1.rtf: OK
Scanning rtf-novirus.rtf
Recognized %s file
in cli_scanrtf()
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Recognized %s file
in cli_scanole2()
in cli_ole2_extract()
mmap'ed file
Magic: 0x
%x
%x
%x
%x
%x
%x
%x
%x
CLSID: {
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
}
Minor version: 0x%x
DLL version: 0x%x
Byte Order: %d
Big Block Size: %i
Small Block Size: %i
BAT count: %d
Prop start: %d
SBAT cutoff: %d
SBat start: %d
SBat block count: %d
XBat start: %d
XBat block count: %d
Max block number: %lu
%34s
[root]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
No macros detected
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
RTF: waiting for magic
RTF: description length:%lu
RTF: in WAIT_DESC
Preparing to dump rtf embedded object, description:%s
RTF: next state: wait_data_size
RTF: in WAIT_DATA_SIZE
Dumping rtf embedded object of size:%lu
RTF: next state: DUMP_DATA
RTF:Scanning embedded object:%s
Recognized %s file
in cli_scanole2()
in cli_ole2_extract()
mmap'ed file
Magic: 0x
%x
%x
%x
%x
%x
%x
%x
%x
CLSID: {
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
%x
}
Minor version: 0x%x
DLL version: 0x%x
Byte Order: %d
Big Block Size: %i
Small Block Size: %i
BAT count: %d
Prop start: %d
SBAT cutoff: %d
SBat start: %d
SBat block count: %d
XBat start: %d
XBat block count: %d
Max block number: %lu
%34s
[root]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
b
0x%.8x 0x%.8x
%34s
[file]
r
0x%.8x 0x%.8x
VBADir: %s
in vba56_dir_read()
Can't open %s
Open PowerPoint Document failed
No macros detected
RTF: waiting for magic
Warning: rtf objdata magic number not matched, expected:%d, got: %d, at pos:%lu
rtf-novirus.rtf: OK
Cleaning up phishcheck
Freeing phishcheck struct
Phishcheck cleaned up
----------- SCAN SUMMARY -----------
Known viruses: 19590
Engine version: devel-20071218
Scanned directories: 0
Scanned files: 16
Infected files: 0
Data scanned: 1.89 MB
exit 0