On Tue, Feb 01, 2005 at 06:06:45PM +0100, Ben Stuyts said: > Hi, > > I'm running clamav 0.81 under FreeBSD 5.3. Clamav has been letting some > (probably) trojans through which come in rar attachments. For example > this file: > > [aurora:/var/mail]167: unrar l NewPassword.rar > > UNRAR 3.40 freeware Copyright (c) 1993-2004 Alexander Roshal > > Archive NewPassword.rar > > Name Size Packed Ratio Date Time Attr CRC > Meth Ver > ------------------------------------------------------------------------ > ------- > NewPassword.txt > .exe 44024 27958 63% 31-01-05 23:46 .....A. 5659BCFD m3b 2.9 > ------------------------------------------------------------------------ > ------- > 1 44024 27958 63% > > But when I run clamscan, it fails with: > > [aurora:/var/mail]169: clamscan NewPassword.rar > NewPassword.rar: RAR module failure > NewPassword.rar: OK > > Any ideas what's wrong?
Yes, the internal unpacker for rar archives doesn't handle v3 rar archives. Try clamscan --unrar /path/to/unrar for this. -- -------------------------------------------------------------------------- | Stephen Gran | God instructs the heart, not by ideas, | | [EMAIL PROTECTED] | but by pains and contradictions. -- | | http://www.lobefin.net/~steve | De Caussade | --------------------------------------------------------------------------
pgp6k5qYZnjOM.pgp
Description: PGP signature
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
