RE: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files

Tue, 16 Mar 2004 14:28:45 -0800 

> 
> Fajar A. Nugraha wrote:
> 
> > Helmut Schneider wrote:
> > 
> >>> seems that the clamav Port (0.67-1) has problems with RAR Files 
> >>> (e.g.
> >>> Bagle.N):
> >> 
> >> To avoid missunderstandings, I know the file is pwd, but 
> clamav does 
> >> not recognize the virus within the archive (maybe a DB problem)...
> >> 
> > Sometimes the signatures were created using the complete mail, so 
> > clamscan won't recognize the attachment alone but it will recognize 
> > the complete mail.
> > 
> > If you use clamscan, you can work around RAR errors using
> >     --unrar[=FULLPATH]                   Enable support for 
> .rar files
> > 
> > But since the RARs are password-protected, it's useless.
> > My suggestion is try feeding the complete virus mail to clamscan 
> > (instead of just the attachment), and see if it works.
> 
> Thats the point, if clamav would have detected the virus in 
> the original mail I wouldn't have posted here... :)
> 


I am experiencing similar problems on my OpenBSD 3.4 box and was
wondering if there has been any resolution on this issue.

I have an OpenBSD 3.3 stable box running in parallel with the OpenBSD
3.4 box that has caught the Worm.Bagle.Gen-rarpwd.

3.3 box running amavisd-new-20030616-p2         
        patched to allow scanning of full message
clamav-0.67-1
unrar-2.50

3.4 box running amavisd-new-20030616-p8
/etc/amavisd.conf settings
        $keep_decoded_original_re = new_RE(
        qr'^MAIL$',   # retain full original message for virus checking
clamav-0.67-1
unrar-3.20beta3

Don't know if any of this information helps but only solution I have
right now is to ban all ".rar" files on the 3.4 box.

Thanks

L. A. Duerksen




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to