[clamav-users] Scan of RAR problem
Scott Kitterman
ubuntu at kitterman.com
Thu Apr 30 04:30:08 UTC 2015
On Wednesday, April 29, 2015 07:57:28 PM Kees Theunissen wrote:
> On Wed, 29 Apr 2015, jose-marcio martins da cruz wrote:
> > On 04/29/2015 06:20 PM, René Bellora wrote:
> >> El 29/04/15 a las 13:04, jose-marcio martins da cruz escibió:
> >>> Hello,
> >>>
> >>> I'm getting different results when scanning a infected email message.
> >>>
> >>> On a Sparc Solaris 10 (32 bits compiled), clamdscan tels me that the
> >>> message is infected : "Heuristics.Encrypted.RAR FOUND"
> >>>
> >>> Testing it on two 64 bits linux boxes (fedora and ubuntu), both tels
> >>> me that the message is clean.
> >>
> >> linux 32bits also report the message clean (with "ArchiveBlockEncrypted
> >> yes" in clamd.conf)
> >
> > Hmmm...
> >
> > On the Solaris boxes, there are libclamunrar* libraries, while there
> > aren't at Linux boxes...
> >
> > Clamav on Solaris boxes were compiled and installed from sources, while at
> > Linux boxes they come from distros...
> >
> > If I remember, there is a kind of licence problem with rar libraries...
>
> Debian has put the rar support in the "libclamunrar6" package in the
> "non-free" section of the repository. The clamav package doesn't even
> mention libclamunrar6 as a dependency or a recommended package.
> I guess that a formal dependancy on the non-free "libclamunrar6"
> package would have made clamav "non-free" too.
>
> I didn't check ubuntu but most likely ubuntu has a "libclamunrar6"
> package too as ubuntu is derived from debian.
> And I don't know anything about clamav in fedora.
Yes. Ubuntu is the same as Debian in this regard. No need to build from
source.
Scott K
More information about the clamav-users
mailing list