Ethan,

Qmail-Scanner 1.21 has a new option:

--block-password-protected [yes|no]
        Defaults to "no". Setting this to "yes" allows you to quarantine
        any incoming zip files that are password protected. This is
        primarily to stop viruses such as Bagle which arrive within a
        password-protected zip file.


-----Original Message-----
From: Ethan P [mailto:[EMAIL PROTECTED]
Sent: Friday, March 26, 2004 7:32 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Segfault on password protected rar?


I'm running ClamAV .65 on an RH9 system, with Qmail-Scanner-1.20RC3. 

The other day, the following worm slipped through my clamav scanner:
Worm.Bagle.Gen-rarpwd 

At first, I thought it was a new rar file, and tried to submit it.  This 
variant had already been input into the database.  Figuring that I was just 
out-of-date, I ran freshclam. 

I decided to grab the file and run clamscan on it -- just to make sure that 
it's being caught.  Upon a regular scan, clamav (clamscan) segfaults.  I 
assumed that this is due to the file being password protected -- so I re-ran 
it with the --disable-archive option and sure enough, the worm was found: 

[EMAIL PROTECTED] root]# clamscan --disable-archive -i first_part.rar
first_part.rar: Worm.Bagle.Gen-rarpwd FOUND 

 ----------- SCAN SUMMARY -----------
Known viruses: 41298
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 0.782 sec (0 m 0 s) 


Problem is, when I send this file via email, ClamAV doesn't detect it.  I 
assume it's segfaulting each time it scans this file. 

What's the best thing I can do at this point?  I want ClamAV to open 
archives when possible, but I don't want it to segfault and allow password 
protected archived worms through. 

Thanks in advance,
Ethan Pinkert 



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
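
Added example, not part of the original thread and not Qmail-Scanner's own code: one way to implement the kind of check the option above describes, flagging ZIP attachments whose entries have the encryption bit set and quarantining anything the parser cannot read instead of passing it. The function names and the sample archive are constructed for illustration; RAR files, like the one in the report, use a different format and are not covered.

```python
import io
import zipfile

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry is encrypted


def zip_verdict(data: bytes) -> str:
    """Return 'quarantine' or 'scan' for one attachment (hypothetical helper)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
    except Exception:
        # Fail closed: an archive the parser cannot read (truncated, malformed,
        # unsupported) is held back, never delivered as if it had scanned clean.
        return "quarantine"
    # Contents of an encrypted entry cannot be inspected without the password.
    if any(e.flag_bits & ENCRYPTED for e in entries):
        return "quarantine"
    return "scan"


def _sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: a one-file ZIP, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"constructed test data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # The flag word sits at offset 6 of the local file header and
        # offset 8 of the central directory header; set bit 0 in both.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.index(signature)
            raw[pos + offset] |= ENCRYPTED
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (
        ("plain zip", _sample_zip(False)),
        ("encrypted flag set", _sample_zip(True)),
        ("truncated zip", _sample_zip(False)[:20]),
    ):
        print(f"{label}: {zip_verdict(blob)}")
```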

