On 2022-04-05 23:20, Nikolaos Milas wrote:
On 5/4/2022 11:06 PM, Bastian Blank wrote:
This is no 7z file, the same as was already reported here.

Exactly. However the problem was solved, as you may see in the last
mails of the thread, by installing unrar on the OS.

Sure, my point is that unrar is part of ClamAV, not the OS. With that I just say Gentoo's ClamAV has libunrar in the ClamAV core; in other distros it may be disabled by default, so you need to do an insecure unpack in amavisd to scan malware. Good point for maintainers that disabled unrar in ClamAV.

The malicious sender, as was mentioned earlier, tries to confuse
scanners by deliberately using a wrong extension, to push the
attachment without scanning.

Yes, that's why amavisd uses file for file type detection :=)

Note I don't use amavisd anymore, but changed to a simpler setup for me, fuglu.

Amavis identifies correctly the type of the compressed archive and
uses the right decoder (if available).

not a problem on heavy loads

The real problem, in the end, is that the virus is not detected in the
infected file by ClamAV (after archive decoding). Is it effective and
efficient to use two mail scanners back-to-back?

foxhole is good in clamav

I would just ban rar files outright.

I would hesitate to drop RAR, as it is a compression format we respect
and use and the fact that some malicious parties use it is not a
sufficient reason for dropping it, I think.

Malware will use any packing format to hide from content scanners; disabling rar support in any malware scanner helps nothing.

My 2c.

Don't know how many € this is :=)
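
The mislabeled attachment discussed in this mail (a RAR archive sent with a .7z extension) can be caught by identifying the type from content rather than from the name, which is what `file` does. The sketch below is an added example, not part of the original mail and not amavisd or ClamAV code; the function names, the extension table and the sample bytes are constructed for illustration.

```python
import os

# Leading signatures ("magic bytes") of common archive formats.
# Self-extracting archives carry the signature later in the file and
# are not covered by this offset-0 check.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar"),  # RAR 5.x
    (b"Rar!\x1a\x07\x00", "rar"),      # RAR 1.5 to 4.x
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"PK\x03\x04", "zip"),
    (b"\x1f\x8b", "gz"),
]

# Archive extensions and the type each one claims (assumed, minimal table).
CLAIMS = {".rar": "rar", ".7z": "7z", ".zip": "zip", ".gz": "gz", ".tgz": "gz"}


def detect_type(data: bytes):
    """Return the archive type implied by the content, or None."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return None


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the type claimed by the extension with the detected type."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = CLAIMS.get(ext)          # None for non-archive extensions
    detected = detect_type(data)
    return {
        "filename": filename,
        "claimed": claimed,
        "detected": detected,
        # Flag only names that claim an archive type the content contradicts.
        "mismatch": claimed is not None and claimed != detected,
        # The unpacker is chosen from the content, never from the name.
        "decoder": detected,
    }


# Constructed sample: RAR 5.x signature followed by padding, named as .7z.
SAMPLE_RAR5 = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(check_attachment("invoice.7z", SAMPLE_RAR5))
```

A mismatch is a useful signal for logging or policy, but the scan still depends on a RAR decoder being available to the scanner once the real type is known.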
