clamav and RAR..(update and feature request)

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Mon Mar 7 10:03:47 GMT 2005


Julian

Perhaps a comment in the MailScanner.conf at the same place at new unrar
  option could be useful as a first shot? Or are the two options
mutually exclusive - ie if you put in in one place you don't need the
other?


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Julian Field wrote:
> Yes, it is quite possible for me to extract the path of the unrar
> program if it is set. But it will take several commands to do it each
> time in the clamav-wrapper. Which is going to be slow. The last thing I
> want to do is make the clamav-wrapper self-modifying :-)
>
> I could set the unrar command path by default in the MailScanner.conf.
> Then MailScanner would spit out warnings about not being able to find it
> and they would then have to either install it separately or disable the
> setting in MailScanner.conf.
>
> But I don't like the idea of a setup that warns about things by default.
> It is very untidy. I don't *think* I do this now.
>
> Martin Hepworth wrote:
>
>> Julian,
>>
>> Is there anyway of running the ClamAV command-line with the --unrar
>> option set correctly if the new UNRAR option is set in MailScanner.conf?
>>
>>
>>
>> An update for all those running Clam and following the RAR thread.
>>
>> I caught two RAR viruses over the w/end, Sophos also picked them up. But
>> I am running clam with the wrapper modified to include the rar support
>> for the command line scanner...which may or may not have made a
>> difference.
>>
>> edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is
>> set..
>>
>> ScanOptions="--unrar=/usr/local/bin/unrar"
>>
>> Obviously you'll need to adjust paths where needed
>>
>> Here's what I caught..
>>
>> Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR
>>         SophosSAVI: 075466.rar was infected by Troj/BagleDl-M
>>
>>
>> So make sure you're AV packages can handle RAR types. My ClamAV is 0.83
>> and my Sophos is 3.91.0.
>>
>> Right off to try the 4.40.2 Julian put out over the w/end...
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>> <br
>> />**********************************************************************
>> <br />
>> <br />This email and any files transmitted with it are confidential and
>> <br />intended solely for the use of the individual or entity to whom
>> they
>> <br />are addressed. If you have received this email in error please
>> notify
>> <br />the system manager.
>> <br />
>> <br />This footnote confirms that this email message has been swept
>> <br />for the presence of computer viruses and is believed to be clean.
>> <br />
>> <br
>> />**********************************************************************
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

<br />**********************************************************************
<br />
<br />This email and any files transmitted with it are confidential and
<br />intended solely for the use of the individual or entity to whom they
<br />are addressed. If you have received this email in error please notify
<br />the system manager.
<br />
<br />This footnote confirms that this email message has been swept
<br />for the presence of computer viruses and is believed to be clean.
<br />
<br />**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list