[Avcheck] Pre-announce: avcheck-0.9
Piotr Klaban
post@klaban.torun.pl
Fri, 12 Jul 2002 13:54:35 +0200
On Fri, Jul 12, 2002 at 12:32:56PM +0200, Ralf Hildebrandt wrote:
> > % unzip -l JPGWIZ.EXE
>
> Archive: JPGWIZ.EXE
> End-of-central-directory signature not found. Either this file is not
Right this is not zip/exe file, but it is executable WiseSFX archive.
This is what I got when running:
% /opt/AVP/kavscanner /alt/makler/JPGWIZ.EXE
<begin>
Current object: /alt/makler/JPGWIZ.EXE
/alt/makler/JPGWIZ.EXE archive: WiseSFX
/alt/makler/JPGWIZ.EXE/WISE0018.BIN packed: UPX
Scan process completed.
Sector Objects : 0 Known viruses : 0
Files : 31 Virus bodies : 0
Folders : 0 Disinfected : 0
Archives : 1 Deleted : 0
Packed : 1 Warnings : 0
Suspicious : 0
Speed (Kb/sec) : 2 Corrupted : 0
Scan time : 00:15:49 I/O Errors : 0
</end>
It was so time consuming, because my server is sparc/Solaris 8 (Ultra10)
and UPX compression is implemented on sparc only with C language
(on i386 it should be much faster because of assembler implementation).
According to the AVP docs:
<snip>
Unknown format
- the file is a pack or archive that was packed/archived
with an unknown utility or is corrupted and therefore cannot be
unpacked/extracted.
</snip>
Then maybe your JPGWIZ.EXE is corrupted or uses some type of new UPX format
that is not yet recognized by avp.
According to http://www.corpit.ru/pipermail/avcheck/2002-April/000572.html
return code 0x0131 was returned also for new MS Office format files.
--
Piotr Klaban