[Pkg-clamav-devel] 0.97.8 not detecting virus in RAR?

[eRVee Moskovic]

Hi,

I always check ClamAV updates with a few test and real virus files. After the
last update to 0.97.8 I noticed not all files where detected as a Virus. The
files not detected where both an eicar file in a RAR archive.

The first time I noticed this is after the 0.97.8 update. This is the output
from a scan on rar-ed eicar files:

webandmail:/tmp# clamscan ~/VIRUSES/Eicar-Test-Signatur/*.rar
/root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar: OK
/root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar: OK

----------- SCAN SUMMARY -----------
Known viruses: 2311231
Engine version: 0.97.8
Scanned directories: 0
Scanned files: 2
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.586 sec (0 m 5 s)
webandmail:/tmp# md5sum ~/VIRUSES/Eicar-Test-Signatur/*.rar
c329fba5cffdabeecd80a1cbf2711300  /root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar
4e34932863cc0f7f39ffd5cdce13a0f3 
/root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar

I have an old SuSE Server running my hand built and updated ClamAv and this
does detect the eicar in the RAR files:

banana:/tmp # clamscan ~/VIRUSES/Eicar-Test-Signatur/*.rar
/root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar:
Eicar-Test-Signature FOUND
/root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 2311235
Engine version: 0.97.8
Scanned directories: 0
Scanned files: 2
Infected files: 2
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 6.412 sec (0 m 6 s)
banana:/tmp # md5sum ~/VIRUSES/Eicar-Test-Signatur/*.rar
c329fba5cffdabeecd80a1cbf2711300  /root/VIRUSES/Eicar-Test-Signatur/eicar.com.rar
4e34932863cc0f7f39ffd5cdce13a0f3 
/root/VIRUSES/Eicar-Test-Signatur/eicar.com-with-newline.rar

Did something change when building the 0.97.8 package or am I the only one
with this problem and could it be a problem on my system?

-- Ralf