RE: [Clamav-users] Segfault on password protected rar?

Fri, 26 Mar 2004 10:14:45 -0800 


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Ethan P
> Sent: Friday, March 26, 2004 10:32 AM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Segfault on password protected rar?
> 
> 
> I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3. 
> 
> The other day, the following worm slipped through my clamav scanner:
> Worm.Bagle.Gen-rarpwd 
> 
> At first, I thought it was a new rar file, and tried to submit it.  This 
> variant had already been input into the database.  Figuring that 
> I was just 
> out-of-date, I ran freshclam. 
> 
> I decided to grab the file and run clamscan on it -- just to make 
> sure that 
> it's being caught.  Upon a regular scan, clamav (clamscan) segfaults.  I 
> assumed that this is due to the file being password protected -- 
> so I re-ran 
> it with the --disable-archive option and sure enough, the worm was found: 
> 
> [EMAIL PROTECTED] root]# clamscan --disable-archive -i first_part.rar
> first_part.rar: Worm.Bagle.Gen-rarpwd FOUND 
> 
>  ----------- SCAN SUMMARY -----------
> Known viruses: 41298
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.02 MB
> I/O buffer size: 131072 bytes
> Time: 0.782 sec (0 m 0 s) 
> 
> 
> Problem is, when I send this file via email, ClamAV doesn't detect it.  I 
> assume it's segfaulting each time it scans this file. 
> 
> What's the best thing I can do at this point?  I want ClamAV to open 
> archives when possible, but I don't want it to segfault and allow 
> password 
> protected archived worms through. 
> 

Im not sure why its segfaulting, but upgrading to 0.70 may fix this problem.

Jim



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to