<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">body {min-height: 100px}
</style>
</head><body style="">
<div>
Hi,
</div>
<div>
</div>
<div>
Yeah, maybe you're right about my choice to use 32-bit, I will consider this ;-)
</div>
<div>
</div>
<div>
But actually your hint was exactly what I was hoping for: with that binary, MS is scanning rar archives and was blocking an exe file inside a rar archive.
</div>
<div>
</div>
<div>
Thanks so much!!
</div>
<div>
</div>
<div>
Best regards
</div>
<div>
Volker
</div>
<div>
</div>
<div>
</div>
<blockquote style="padding-left: 10px; margin-left: 0px; border-left-color: blue; border-left-width: 1px; border-left-style: solid; position: relative;" type="cite">
Jerry Benton &lt;jerry.benton@mailborder.com&gt; wrote on 15 April 2015 at 10:22:
<br />
<br />Sigh ... it's 2015 not 1993.
<div>
</div>
<div>
<a href="https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.i686.rpm">https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.i686.rpm</a>
</div>
<div>
<br />
<div>
<div style="color: #000000; text-transform: none; text-indent: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
<br class="Apple-interchange-newline" />-
</div>
<div style="color: #000000; text-transform: none; text-indent: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
Jerry Benton
</div>
<div style="color: #000000; text-transform: none; text-indent: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
<a href="http://www.mailborder.com">www.mailborder.com</a>
</div>
<div style="color: #000000; text-transform: none; text-indent: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
</div>
<br />
<div>
<blockquote type="cite">
<div>
On Apr 15, 2015, at 4:19 AM, Volker Dose &lt;<a href="mailto:vpdose@kirchenweg.de">vpdose@kirchenweg.de</a>&gt; wrote:
</div>
<br class="Apple-interchange-newline" />
<div>
<div dir="auto">
<div>
Hi,
</div>
<div>
</div>
<div>
Thanks a lot for the link, but I am using a 32-bit architecture; do you have an rpm for that also?
</div>
<div>
</div>
<div>
Best regards,
</div>
<div>
</div>
<div>
Volker
<br />
<br />Volker Dose
</div>
<div>
<br />On 15.04.2015 at 09:42, Jerry Benton &lt;<a href="mailto:jerry.benton@mailborder.com">jerry.benton@mailborder.com</a>&gt; wrote:
<br />
<br />
</div>
<blockquote type="cite">
<div>
<a href="https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.x86_64.rpm">https://s3.amazonaws.com/mailborder/releases/stable/4.1.0/unrar-4.2.3-1.el6.rf.x86_64.rpm</a>
<div>
<br />
<div>
<div style="text-transform: none; text-indent: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
<br class="Apple-interchange-newline" />-
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
Jerry Benton
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
<a href="http://www.mailborder.com/">www.mailborder.com</a>
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
</div>
<br />
<div>
<blockquote type="cite">
<div>
On Apr 15, 2015, at 3:37 AM, Volker Dose &lt;<a href="mailto:vpdose@kirchenweg.de">vpdose@kirchenweg.de</a>&gt; wrote:
</div>
<br class="Apple-interchange-newline" />
<div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
Hi,
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
I am using CentOS and afaik there is no rar-Support compiled in - at least no sign of "libclamavunrar":
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
<pre>[root@mailscanner ~]# ldd /usr/bin/clamscan
        linux-gate.so.1 => (0x00748000)
        libclamav.so.6 => /usr/lib/libclamav.so.6 (0x008ef000)
        libxml2.so.2 => /usr/lib/libxml2.so.2 (0x001bf000)
        libz.so.1 => /lib/libz.so.1 (0x00f46000)
        libbz2.so.1 => /lib/libbz2.so.1 (0x00515000)
        libssl.so.10 => /usr/lib/libssl.so.10 (0x00659000)
        libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x0030a000)
        libm.so.6 => /lib/libm.so.6 (0x004d2000)
        libdl.so.2 => /lib/libdl.so.2 (0x00fce000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00526000)
        libc.so.6 => /lib/libc.so.6 (0x00749000)
        libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x00541000)
        libkrb5.so.3 => /lib/libkrb5.so.3 (0x00af2000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x004fc000)
        libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00581000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x005ac000)
        /lib/ld-linux.so.2 (0x00e11000)
        libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x00501000)
        libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0050d000)
        libselinux.so.1 => /lib/libselinux.so.1 (0x00bfc000)</pre>
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
When I check a zip archive it shows this:
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
<p>[root@mailscanner ~]# clamscan putty.zip</p>
<p>putty.zip: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL FOUND</p>
<p>----------- SCAN SUMMARY -----------<br />Known viruses: 4478278<br />Engine version: 0.98.6<br />Scanned directories: 0<br />Scanned files: 1<br />Infected files: 1<br />Data scanned: 0.00 MB<br />Data read: 0.25 MB (ratio 0.00:1)<br />Time: 16.959 sec (0 m 16 s)</p>
<div>
</div>
<div>
</div>
<p>[root@mailscanner ~]# clamscan putty.rar</p>
<p>putty.rar: OK</p>
<p>----------- SCAN SUMMARY -----------</p>
<p>Known viruses: 4478278<br />Engine version: 0.98.6<br />Scanned directories: 0<br />Scanned files: 1<br />Infected files: 0<br />Data scanned: 0.22 MB<br />Data read: 0.22 MB (ratio 1.00:1)<br />Time: 17.652 sec (0 m 17 s)</p>
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
But this is maybe just a side-problem, I was hoping to get the filetype recognition working in MS.
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
Here are my settings regarding rar/unrar in MailScanner.conf:
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
Unrar Command = /usr/bin/unrar
<br />Unrar Timeout = 50
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
Best regards
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
Volker
</div>
<div style="text-transform: none; text-indent: 0px; font-family: Tahoma; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; word-spacing: 0px; white-space: normal;">
<br />> Rick Cooper &lt;<a href="mailto:rcooper@dwford.com">rcooper@dwford.com</a>&gt; wrote on 15 April 2015 at 02:03:
<br />>
<br />>
<br />> Volker Dose wrote:
<br />> > Hi,
<br />> >
<br />> > I have already configured the foxhole-stuff and it works brilliantly
<br />> > on zip-files. But no effect on executables in rar-archives.
<br />> >
<br />> > I was reading, that clam has no support for opening and scanning
<br />> > rar-archives because of license issues. I have the actual clamav
<br />> > installed and even tried to compile from scratch, but no success
<br />> > -rar-files are not scanned.
<br />>
<br />> ClamAv has had RAR capabilities since version 0.90.
<br />> Now, from what I remember Fedora does not include libunrar (even though it's
<br />> free) and I think their version of the rpm uses the --disable-unrar switch
<br />> as well. Don't remember if you are using fedora or not.
<br />>
<br />>
<br />> Also you have to have unrar installed for MailScanner to unpack it.
<br />> Look in the MailScanner.conf for
<br />>
<br />> MailScanner.conf:Unrar Command = /usr/bin/unrar
<br />>
<br />> And point it to your unrar binary
<br />>
<br />>
<br />> --
<br />> MailScanner mailing list
<br />>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a>
<br />>
<a href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a>
<br />>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<div>
<br />
</div>
<div>
<br />
</div>
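<div>
Added example, not part of the thread and not MailScanner's own code: a shell audit of the "Unrar Command" setting discussed above. It checks that the configured binary exists, is executable, and is not a 64-bit ELF on a 32-bit host (the mismatch that came up in this thread). The function names, the temporary paths and the constructed ELF stub are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the unrar binary MailScanner is told to use.

# Print the last value of a "Name = value" setting in a MailScanner.conf-style file.
conf_value() {  # $1 = conf file, $2 = setting name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print 32 or 64 from the ELF header (4 magic bytes + EI_CLASS byte), else "unknown".
elf_bits() {  # $1 = path
    case "$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) echo unknown ;;   # not an ELF file, e.g. a wrapper script
    esac
}

# Print a short verdict; return non-zero when MailScanner could not run unrar.
check_unrar() {  # $1 = conf file, $2 = host word size (32 or 64)
    cmd=$(conf_value "$1" "Unrar Command")
    if [ -z "$cmd" ]; then echo "unset"; return 1; fi
    if [ ! -x "$cmd" ]; then echo "not-executable:$cmd"; return 1; fi
    bits=$(elf_bits "$cmd")
    # A 64-bit binary cannot execute on a 32-bit userland.
    if [ "$bits:$2" = "64:32" ]; then echo "arch-mismatch:$cmd"; return 1; fi
    echo "ok:$cmd:$bits"
}

# Constructed demo: a temporary conf pointing at a fake 64-bit ELF stub,
# audited as if the host were 32-bit.
demo() {
    d=$(mktemp -d)
    printf '\177ELF\002' > "$d/unrar"
    chmod +x "$d/unrar"
    printf 'Unrar Command = %s\nUnrar Timeout = 50\n' "$d/unrar" > "$d/MailScanner.conf"
    check_unrar "$d/MailScanner.conf" 32
    rc=$?
    rm -rf "$d"
    return $rc
}

# Real use (conf path is a placeholder):
#   check_unrar /path/to/MailScanner.conf "$(getconf LONG_BIT)"
```
</div>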
</body></html>