[Pkg-clamav-devel] 0.97.8 not detecting virus in RAR?

eRVee Moskovic ervee at moskovic.org
Fri May 17 21:54:21 UTC 2013


On Fri, 17 May 2013 11:52:58 -0400 Scott Kitterman wrote:
>
> On Friday, May 17, 2013 05:18:38 PM eRVee Moskovic wrote:
> > Hi,
> > 
> > I always check ClamAV updates with a few test and real virus files. After
> > the last update to 0.97.8 I noticed not all files were detected as a
> > Virus. The files not detected were both an eicar file in a RAR archive.
> > 
> > The first time I noticed this is after the 0.97.8 update. This is the output
> > from a scan on rar-ed eicar files:
> > 
> > webandmail:/tmp# clamscan ~/VIRUSES/Eicar-Test-Signatur/*.rar
> > /root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar: OK
> > /root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar: OK
> > 
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 2311231
> > Engine version: 0.97.8
> > Scanned directories: 0
> > Scanned files: 2
> > Infected files: 0
> > Data scanned: 0.00 MB
> > Data read: 0.00 MB (ratio 0.00:1)
> > Time: 5.586 sec (0 m 5 s)
> > webandmail:/tmp# md5sum ~/VIRUSES/Eicar-Test-Signatur/*.rar
> > c329fba5cffdabeecd80a1cbf2711300  /root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar
> > 4e34932863cc0f7f39ffd5cdce13a0f3  /root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar
> > 
> > I have an old SuSE Server running my hand-built and updated ClamAV and this
> > does detect the eicar in the RAR files:
> > 
> > banana:/tmp # clamscan ~/VIRUSES/Eicar-Test-Signatur/*.rar
> > /root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar: Eicar-Test-Signature FOUND
> > /root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar: Eicar-Test-Signature FOUND
> > 
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 2311235
> > Engine version: 0.97.8
> > Scanned directories: 0
> > Scanned files: 2
> > Infected files: 2
> > Data scanned: 0.00 MB
> > Data read: 0.00 MB (ratio 0.00:1)
> > Time: 6.412 sec (0 m 6 s)
> > banana:/tmp # md5sum ~/VIRUSES/Eicar-Test-Signatur/*.rar
> > c329fba5cffdabeecd80a1cbf2711300  /root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar
> > 4e34932863cc0f7f39ffd5cdce13a0f3  /root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar
> > 
> > Did something change when building the 0.97.8 package or am I the only one
> > with this problem and could it be a problem on my system?
> 
> Do you have libclamunrar installed?
> 
> Scott K

Nope. I didn't know this package existed. And I don't have the non-free
sources listed in the apt sources file so I never saw it... I have installed
the libclamunrar6 deb package from the non-free/libc/libclamunrar/ and now it
is working.

Thank you for the hint.

-- 
Ralf.
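
The post-update check described in this thread can be automated so that a silent "OK" on a known test file fails loudly. The following is an added example, not part of the original messages: the function names and sample outputs are constructed (the samples are modelled on the clamscan output quoted above), and the package name libclamunrar6 is the one mentioned in the reply.

```shell
#!/bin/sh
# Added example: canary check for a scanner update. Every file in a
# directory of known test samples must be reported FOUND by clamscan.

# Read clamscan output on stdin, print each path that was reported "OK"
# (a missed detection). Exit status is non-zero if anything was missed
# or if no per-file result lines were seen at all.
missed_detections() {
    awk '
        /^-+ SCAN SUMMARY -+$/ { exit }   # ignore the summary block
        / FOUND$/ { seen++; next }
        /: OK$/   { seen++; missed++; sub(/: OK$/, ""); print }
        END { if (missed > 0 || seen == 0) exit 1 }
    '
}

# True if the RAR unpacker package named in the thread is installed
# (Debian-style systems only; relies on dpkg-query).
unrar_package_installed() {
    dpkg-query -W -f='${Status}' libclamunrar6 2>/dev/null |
        grep -q 'install ok installed'
}

# Scan a directory of test samples and report misses.
# Usage: canary_scan /path/to/test-samples
canary_scan() {
    if ! clamscan --no-summary -r "$1" | missed_detections; then
        unrar_package_installed ||
            echo "hint: libclamunrar6 not installed, RAR contents are not scanned" >&2
        return 1
    fi
}

# Constructed sample outputs, used to exercise missed_detections offline.
SAMPLE_MISS='/root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar: OK
/root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar: OK

----------- SCAN SUMMARY -----------
Infected files: 0'

SAMPLE_HIT='/root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar: Eicar-Test-Signature FOUND
/root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar: Eicar-Test-Signature FOUND'
```

Run `canary_scan` from a cron job or package post-upgrade hook and alert on a non-zero exit status.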


