clamav and RAR..(update and feature request)

Julian Field MailScanner at ecs.soton.ac.uk
Mon Mar 7 09:47:32 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Yes, it is quite possible for me to extract the path of the unrar
program if it is set. But it will take several commands to do it each
time in the clamav-wrapper. Which is going to be slow. The last thing I
want to do is make the clamav-wrapper self-modifying :-)

I could set the unrar command path by default in the MailScanner.conf.
Then MailScanner would spit out warnings about not being able to find it
and they would then have to either install it separately or disable the
setting in MailScanner.conf.

But I don't like the idea of a setup that warns about things by default.
It is very untidy. I don't *think* I do this now.

Martin Hepworth wrote:

> Julian,
>
> Is there anyway of running the ClamAV command-line with the --unrar
> option set correctly if the new UNRAR option is set in MailScanner.conf?
>
>
>
> An update for all those running Clam and following the RAR thread.
>
> I caught two RAR viruses over the w/end, Sophos also picked them up. But
> I am running clam with the wrapper modified to include the rar support
> for the command line scanner...which may or may not have made a
> difference.
>
> edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is
> set..
>
> ScanOptions="--unrar=/usr/local/bin/unrar"
>
> Obviously you'll need to adjust paths where needed
>
> Here's what I caught..
>
> Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR
>         SophosSAVI: 075466.rar was infected by Troj/BagleDl-M
>
>
> So make sure you're AV packages can handle RAR types. My ClamAV is 0.83
> and my Sophos is 3.91.0.
>
> Right off to try the 4.40.2 Julian put out over the w/end...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> <br
> />**********************************************************************
> <br />
> <br />This email and any files transmitted with it are confidential and
> <br />intended solely for the use of the individual or entity to whom
> they
> <br />are addressed. If you have received this email in error please
> notify
> <br />the system manager.
> <br />
> <br />This footnote confirms that this email message has been swept
> <br />for the presence of computer viruses and is believed to be clean.
> <br />
> <br
> />**********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list