Stephen Gran wrote: >This one time, at band camp, Torsten Jerzembeck said: >> Severity: grave >> Justification: renders package unusable >Really, calm down.
Maybe I overreacted a little bit, but I see a lot of malware floating around as self-extracting RAR archives. In my eyes, an antivirus software not scanning those in spite of claiming otherwise is worse than no anitivrus software at all, as it lures it's users into a false sense of security. >What gives you the impression that .exe files aren't scanned? Testing with samples of malware in the form of self-extracting RAR archives. Those samples are not recognized by the clamscan from the Debian package, but are by the upstream version (both using the same pattern files). >> Libclamav already contains code to recognize the file format >> independently of a filetype extension (libclamav/scanners.c, lines 1554 >> ff., function cli_scanraw). This could/should be used to detect the >> filetype when deciding whether to call an external archiver to process a >> file. >If clamscan doesn't use an external unpacker, it falls back to the >internal one, which is by and large good enough (for everything but rar, >as you note). Agreed. The RAR archives really are the core of the problem here, other archive types just work (using the internal routines, probably). >THERE IS NO NEED TO SHOUT. Sorry. >The issue about rar files is true. Whether it's a bug in the package or >not is debatable, as it's certainly done on purpose by me with every >upload, and not some accident or bad code path. At least it is something that cripples the package and creates a kind of blind spot, which in my opinion is a Bad Thing for an antivirus software. >I'll see if upstream is interested in calling their native filetype >routines and add that to the list for choosing an external unpacker. Upstream wants to drop the routines for the external unpackers completely, see Bug #1052 in upstream's Bugzilla. Greetings from Karslruhe, =ToJe= -- Torsten Jerzembeck <[EMAIL PROTECTED]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
