No filetype checks on RAR-archives

Volker Dose vpdose at kirchenweg.de
Wed Apr 15 07:37:09 UTC 2015


Hi,
 
I am using CentOS and afaik there is no rar-Support compiled in - at least no
sign of "libclamavunrar":
 
 
[root at mailscanner ~]# ldd /usr/bin/clamscan
        linux-gate.so.1 =>  (0x00748000)
        libclamav.so.6 => /usr/lib/libclamav.so.6 (0x008ef000)
        libxml2.so.2 => /usr/lib/libxml2.so.2 (0x001bf000)
        libz.so.1 => /lib/libz.so.1 (0x00f46000)
        libbz2.so.1 => /lib/libbz2.so.1 (0x00515000)
        libssl.so.10 => /usr/lib/libssl.so.10 (0x00659000)
        libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x0030a000)
        libm.so.6 => /lib/libm.so.6 (0x004d2000)
        libdl.so.2 => /lib/libdl.so.2 (0x00fce000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00526000)
        libc.so.6 => /lib/libc.so.6 (0x00749000)
        libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x00541000)
        libkrb5.so.3 => /lib/libkrb5.so.3 (0x00af2000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x004fc000)
        libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00581000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x005ac000)
        /lib/ld-linux.so.2 (0x00e11000)
        libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x00501000)
        libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0050d000)
        libselinux.so.1 => /lib/libselinux.so.1 (0x00bfc000)
 
When I check a zip-archive it shows this:
 

[root at mailscanner ~]# clamscan putty.zip

putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4478278
Engine version: 0.98.6
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.25 MB (ratio 0.00:1)
Time: 16.959 sec (0 m 16 s)

 

 

[root at mailscanner ~]# clamscan putty.rar

putty.rar: OK

----------- SCAN SUMMARY -----------

Known viruses: 4478278
Engine version: 0.98.6
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.22 MB
Data read: 0.22 MB (ratio 1.00:1)
Time: 17.652 sec (0 m 17 s)

 
 
But this is maybe just a side-problem, I was hoping to get the filetype
recognition working in MS.
 
Here are my settings regarding rar/unrar in MailScanner.conf:
 
Unrar Command = /usr/bin/unrar
Unrar Timeout = 50
 
 
Best regards
Volker

> Rick Cooper <rcooper at dwford.com> wrote on 15 April 2015 at 02:03:
>
>
> Volker Dose wrote:
> > Hi,
> >
> > I have already configured the foxhole-stuff and it works brilliantly
> > on zip-files. But no effect on executables in rar-archives.
> >
> > I was reading, that clam has no support for opening and scanning
> > rar-archives because of license issues. I have the actual clamav
> > installed and even tried to compile from scratch, but no success
> > - rar-files are not scanned.
>
> ClamAV has had RAR capabilities since version 0.90.
> Now, from what I remember Fedora does not include libunrar (even though it's
> free) and I think their version of the rpm uses the --disable-unrar switch
> as well. Don't remember if you are using Fedora or not.
>
>
> Also you have to have unrar installed for MailScanner to unpack it.
> Look in the MailScanner.conf for
>
> MailScanner.conf:Unrar Command = /usr/bin/unrar
>
> And point it to your unrar binary
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
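
The check suggested in the quoted reply (that Unrar Command in MailScanner.conf points at a usable unrar binary), as an added example that is not part of the original message. It assumes "Key = Value" lines with "#" comments, reports the last occurrence of a setting (an assumption about precedence), and runs on a constructed sample config in which /bin/sh stands in for unrar.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumption: settings are "Key = Value" lines and "#" starts a comment.

# Print the value of one setting from a MailScanner.conf-style file.
# $1 = config file, $2 = setting name (e.g. "Unrar Command")
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' |
        tail -n 1   # assumption: the last occurrence is the one in effect
}

# Check the two unrar settings quoted in the thread.
# Returns 0 when usable; otherwise prints the reason and returns 1, 2 or 3.
# $1 = path to MailScanner.conf
check_unrar() {
    cmd=$(conf_value "$1" "Unrar Command")
    timeout=$(conf_value "$1" "Unrar Timeout")
    if [ -z "$cmd" ]; then
        echo "Unrar Command is not set"
        return 1
    fi
    # -x is also true for directories, so exclude them explicitly.
    if [ ! -x "$cmd" ] || [ -d "$cmd" ]; then
        echo "Unrar Command = $cmd is not an executable file"
        return 2
    fi
    case "$timeout" in
        ''|*[!0-9]*)
            echo "Unrar Timeout is not a number: '$timeout'"
            return 3
            ;;
    esac
    echo "ok: $cmd (timeout $timeout)"
}

# Constructed sample config; /bin/sh stands in for an installed unrar binary.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'Unrar Command = /bin/sh' \
    'Unrar Timeout = 50' > "$sample"
check_unrar "$sample"
rm -f "$sample"
```

On a real system, call check_unrar with the path to the live MailScanner.conf instead of the sample file.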