[clamav-users] ClamAV libclamunrar bug ?
Steven Morgan
smorgan at sourcefire.com
Tue Nov 1 20:25:24 UTC 2016
Hi,
Thanks for reporting this.
Could you please open a bug report at bugzilla.clamav.net. Please also
attach the rar file to the bugzilla ticket.
Thanks,
Steve Morgan
On Mon, Oct 31, 2016 at 9:04 PM, Qmail <qmail at top-consulting.net> wrote:
> There's a new Javascript malware floating around in a RAR archive that
> somehow kills scanrar I believe.
> The virus gets properly detected when decompressed as:
> Sanesecurity.Malware.25834.JsHeur.UNOFFICIAL FOUND
> When the .js file is recompressed on my desktop to a .rar it also gets
> properly detected in the .rar file.
> However the original .rar file that arrived in the e-mail doesn't get
> flagged at all.
> I am running version 0.99.2 on CentOS 6.7.
> Running clamscan in debug mode shows some kind of corruption when reading
> the e-mail .rar file, although unrar unpacks it without problems:
> LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> LibClamAV debug: Descriptor[3]: Can't unpack some data
> Anyone else saw this ? Is it a bug within libclamunrar ?
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list