Hi there, On Sun, 4 Oct 2020, iulian stan via clamav-users wrote:
I know that relying on the file extension is not perfect but i will say it is covering most of the threats.
Understood, a pragmatic approach.
Anyhow my raised question was about: Why .exe is not detected when the file inside archive has a special character? This problem is manifesting only with RAR. For files which don't have special character RAR is behaving as expected.
Good question. Perhaps if you use the --leave-temps option and inspect the temporary files left after scanning it might shed some light on the issue. Have you checked the ClamAV Bugzilla issues to see if there's anything similar mentioned? Does the same thing also happen if you use clamdscan instead? Can you simply block all .rar files? I do that for mail, but I don't generally scan filesystems at all. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
