On Mon, 31 Jan 2005 13:23:10 -0600 (CST)
Sam <[EMAIL PROTECTED]> wrote:

> On Mon, 31 Jan 2005, Tomasz Kojm wrote:
> > "Administrators who have seen .rar-packed malware say that none of
> > the messages have been stopped by their anti-virus defenses."
> > 
> > ClamAV has been successfully stopping most of the Goldun variants
> > with its (often generic) signatures for RAR archives.
> 
> That's good to know! :)
> 
> I'm not in front of the docs right now, but I recall something in
> there about rar and licensing issues, and as such at least some of
> them are not scanned. Is this still valid?

Support for RAR 3.0 archives is still being worked on. However, in the
case of password-protected archives, it's possible to develop signatures
that block particular malware, e.g.:

Trojan.Spy.Goldun.Gen-rarpwd-1:0:0:526172211a0700cf907300000d00{30-120}666f746f2e6a70672020202020202020202020
Trojan.Spy.Goldun.Gen-rarpwd-2:0:0:526172211a0700cf907300000d00{30-120}4d7357696e646f77735570646174652e657865

-- 
   oo    .....         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Mon Jan 31 20:25:33 CET 2005
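
Added example, not part of the original message and not ClamAV code: a small Python reader for the two signatures above, showing that their fixed hex runs decode to the RAR marker plus header bytes and to a file name (`foto.jpg` padded with spaces, `MsWindowsUpdate.exe`), and how the `{30-120}` gap constrains a match. It handles only fixed hex runs and `{min-max}` gaps, assumes the offset field is an absolute byte offset, and the sample buffers are constructed, not real archives.

```python
import re

# The two signatures from the message, each re-joined onto a single line.
SIGS = [
    "Trojan.Spy.Goldun.Gen-rarpwd-1:0:0:526172211a0700cf907300000d00{30-120}"
    "666f746f2e6a70672020202020202020202020",
    "Trojan.Spy.Goldun.Gen-rarpwd-2:0:0:526172211a0700cf907300000d00{30-120}"
    "4d7357696e646f77735570646174652e657865",
]
# A signature body here is fixed hex runs separated by {min-max} byte gaps.
TOKEN = re.compile(r"\{(\d+)-(\d+)\}|((?:[0-9a-fA-F]{2})+)")

def parse_sig(line):
    """Split Name:Target:Offset:HexSig; return (name, offset, tokens).
    Tokens are bytes (literal run) or (min, max) tuples (gap)."""
    name, _target, offset, body = line.split(":", 3)
    tokens, pos = [], 0
    for m in TOKEN.finditer(body):
        if m.start() != pos:
            raise ValueError("unsupported syntax at column %d" % pos)
        pos = m.end()
        tokens.append(bytes.fromhex(m.group(3)) if m.group(3)
                      else (int(m.group(1)), int(m.group(2))))
    if pos != len(body):
        raise ValueError("unsupported syntax at column %d" % pos)
    return name, int(offset), tokens

def literals(line):
    """The fixed byte runs a signature keys on, in order."""
    return [t for t in parse_sig(line)[2] if isinstance(t, bytes)]

def scan(data, sigs=SIGS):
    """Names of all signatures that match data at their absolute offset."""
    hits = []
    for line in sigs:
        name, offset, tokens = parse_sig(line)
        rx = re.compile(b"".join(
            re.escape(t) if isinstance(t, bytes) else b".{%d,%d}" % t
            for t in tokens), re.DOTALL)
        if rx.match(data, offset):
            hits.append(name)
    return hits

# Constructed buffers (not real archives): header bytes, filler, file name.
HEAD = bytes.fromhex("526172211a0700cf907300000d00")
SAMPLE_HIT = HEAD + bytes(38) + b"MsWindowsUpdate.exe" + bytes(64)
SAMPLE_SHORT_GAP = HEAD + bytes(10) + b"MsWindowsUpdate.exe"
SAMPLE_OTHER = HEAD + bytes(38) + b"report.doc"
```

Because both signatures key on a literal file name, an archive carrying the same payload under a different name would not match them.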
