No filetype checks on RAR-archives
Volker Dose
vpdose at kirchenweg.de
Wed Apr 15 09:18:18 UTC 2015
Hi,
yeah, maybe you're right about my choice to use 32bit, I will consider this ;-)
But actually your hint was exactly what I was hoping for, with that binary MS
is scanning rar-Archives and was blocking an exe-file inside a rar-Archive.
Thanks so much!!
Best regards
Volker
> Jerry Benton <jerry.benton at mailborder.com> wrote on April 15, 2015 at 10:22:
>
> Sigh ... it's 2015 not 1993.
>
>
> https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.i686.rpm
>
>
> -
> Jerry Benton<http://www.mailborder.com>
>
>
>
> > > On Apr 15, 2015, at 4:19 AM, Volker Dose < vpdose at kirchenweg.de
> > > <mailto:vpdose at kirchenweg.de> > wrote:
> >
> > Hi,
> >
> > Thanks a lot for the link, but I am using a 32bit architecture, do you
> > have an rpm for that also?
> >
> > Best regards,
> >
> > Volker
> >
> > Volker Dose
> >
> > On 15.04.2015 at 09:42, Jerry Benton <
> > jerry.benton at mailborder.com <mailto:jerry.benton at mailborder.com> > wrote:
> >
> >
> > > > >
> > > > > https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.x86_64.rpm
> > >
> > >
> > > -
> > > Jerry Benton<http://www.mailborder.com/>
> > >
> > >
> > >
> > > > > > > On Apr 15, 2015, at 3:37 AM, Volker Dose
> > > > > > > < vpdose at kirchenweg.de <mailto:vpdose at kirchenweg.de>
> > > > > > > > wrote:
> > > >
> > > > Hi,
> > > >
> > > > I am using CentOS and afaik there is no rar-Support
> > > > compiled in - at least no sign of "libclamavunrar":
> > > >
> > > >
> > > > [root at mailscanner ~]# ldd /usr/bin/clamscan
> > > > linux-gate.so.1 => (0x00748000)
> > > > libclamav.so.6 => /usr/lib/libclamav.so.6 (0x008ef000)
> > > > libxml2.so.2 => /usr/lib/libxml2.so.2 (0x001bf000)
> > > > libz.so.1 => /lib/libz.so.1 (0x00f46000)
> > > > libbz2.so.1 => /lib/libbz2.so.1 (0x00515000)
> > > > libssl.so.10 => /usr/lib/libssl.so.10 (0x00659000)
> > > > libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x0030a000)
> > > > libm.so.6 => /lib/libm.so.6 (0x004d2000)
> > > > libdl.so.2 => /lib/libdl.so.2 (0x00fce000)
> > > > libpthread.so.0 => /lib/libpthread.so.0 (0x00526000)
> > > > libc.so.6 => /lib/libc.so.6 (0x00749000)
> > > > libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x00541000)
> > > > libkrb5.so.3 => /lib/libkrb5.so.3 (0x00af2000)
> > > > libcom_err.so.2 => /lib/libcom_err.so.2 (0x004fc000)
> > > > libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00581000)
> > > > libresolv.so.2 => /lib/libresolv.so.2 (0x005ac000)
> > > > /lib/ld-linux.so.2 (0x00e11000)
> > > > libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x00501000)
> > > > libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0050d000)
> > > > libselinux.so.1 => /lib/libselinux.so.1 (0x00bfc000)
> > > >
> > > > When I check a zip-archive it shows this:
> > > >
> > > >
> > > > [root at mailscanner ~]# clamscan putty.zip
> > > >
> > > > putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND
> > > >
> > > > ----------- SCAN SUMMARY -----------
> > > > Known viruses: 4478278
> > > > Engine version: 0.98.6
> > > > Scanned directories: 0
> > > > Scanned files: 1
> > > > Infected files: 1
> > > > Data scanned: 0.00 MB
> > > > Data read: 0.25 MB (ratio 0.00:1)
> > > > Time: 16.959 sec (0 m 16 s)
> > > >
> > > >
> > > >
> > > >
> > > > [root at mailscanner ~]# clamscan putty.rar
> > > >
> > > > putty.rar: OK
> > > >
> > > > ----------- SCAN SUMMARY -----------
> > > >
> > > > Known viruses: 4478278
> > > > Engine version: 0.98.6
> > > > Scanned directories: 0
> > > > Scanned files: 1
> > > > Infected files: 0
> > > > Data scanned: 0.22 MB
> > > > Data read: 0.22 MB (ratio 1.00:1)
> > > > Time: 17.652 sec (0 m 17 s)
> > > >
> > > >
> > > >
> > > > But this is maybe just a side-problem, I was hoping to get
> > > > the filetype recognition working in MS.
> > > >
> > > > Here my Settings regarding rar/unrar in MailScanner.conf:
> > > >
> > > > Unrar Command = /usr/bin/unrar
> > > > Unrar Timeout = 50
> > > >
> > > >
> > > > Best regards
> > > > Volker
> > > >
> > > > > Rick Cooper < rcooper at dwford.com
> > > > > <mailto:rcooper at dwford.com> > wrote on April 15, 2015 at
> > > > > 02:03:
> > > > >
> > > > >
> > > > > Volker Dose wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I have already configured the foxhole-stuff and it
> > > > > > works brilliantly
> > > > > > on zip-files. But no effect on executables in
> > > > > > rar-archives.
> > > > > >
> > > > > > I was reading, that clam has no support for opening and
> > > > > > scanning
> > > > > > rar-archives because of license issues. I have the
> > > > > > actual clamav
> > > > > > installed and even tried to compile from scratch, but
> > > > > > no success
> > > > > > -rar-files are not scanned.
> > > > >
> > > > > ClamAv has had RAR capabilities since version 0.90.
> > > > > Now, from what I remember Fedora does not include
> > > > > libunrar (even though it's
> > > > > free) and I think their version of the rpm uses the
> > > > > --disable-unrar switch
> > > > > as well. Don't remember if you are using fedora or not.
> > > > >
> > > > >
> > > > > Also you have to have unrar installed for MailScanner to
> > > > > unpack it.
> > > > > Look in the MailScanner.conf for
> > > > >
> > > > > MailScanner.conf:Unrar Command = /usr/bin/unrar
> > > > >
> > > > > And point it to your unrar binary
> > > > >
> > > > >
> > > > > --
> > > > > MailScanner mailing list
> > > > > mailscanner at lists.mailscanner.info
> > > > > <mailto:mailscanner at lists.mailscanner.info>
> > > > > http://lists.mailscanner.info/listinfo/mailscanner
> > > > >
>
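The two checks this thread turns on, as an added shell example that is not part of the original messages: whether the `Unrar Command` path from MailScanner.conf points at an executable, and whether saved clamscan output shows the same payload caught in a zip but passed in a rar. The function names and the temporary file layout are assumptions; the sample lines are copied from the thread into constructed files.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the two RAR-handling layers.

# Print the value of a "Key = value" setting from a MailScanner.conf-style file.
conf_value() {  # usage: conf_value <file> <key>
  awk -v key="$2" '
    /^[ \t]*#/ { next }                       # skip comment lines
    { i = index($0, "="); if (!i) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit } }' "$1"
}

# Succeed only if the configured Unrar Command exists and is executable.
unrar_usable() {  # usage: unrar_usable <conf-file>
  _cmd=$(conf_value "$1" "Unrar Command")
  [ -n "$_cmd" ] && [ -x "$_cmd" ]
}

# Print the verdict (last word, e.g. OK or FOUND) clamscan reported for <name>.
clam_verdict() {  # usage: clam_verdict <saved-output> <name>
  awk -v name="$2" 'index($0, name ": ") == 1 { print $NF; exit }' "$1"
}

# Succeed when the payload is FOUND in the zip but OK in the rar,
# which is the gap shown in the thread.
rar_gap() {  # usage: rar_gap <zip-output> <zip-name> <rar-output> <rar-name>
  [ "$(clam_verdict "$1" "$2")" = "FOUND" ] && [ "$(clam_verdict "$3" "$4")" = "OK" ]
}

# Demo on constructed files holding lines quoted in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Unrar Command = /usr/bin/unrar' \
  'Unrar Timeout = 50' > "$demo_dir/MailScanner.conf"
printf '%s\n' 'putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND' > "$demo_dir/zip.out"
printf '%s\n' 'putty.rar: OK' > "$demo_dir/rar.out"

echo "Unrar Command: $(conf_value "$demo_dir/MailScanner.conf" 'Unrar Command')"
if unrar_usable "$demo_dir/MailScanner.conf"; then echo "unrar binary: usable"
else echo "unrar binary: missing or not executable"; fi
if rar_gap "$demo_dir/zip.out" putty.zip "$demo_dir/rar.out" putty.rar; then
  echo "WARNING: payload detected in zip but not in rar"
fi
```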