[clamav-users] ClamAV libclamunrar bug ?

Qmail qmail at top-consulting.net
Mon Oct 31 21:04:55 EDT 2016


There's a new JavaScript malware floating around in a RAR archive that somehow kills scanrar, I believe.
The virus gets properly detected when decompressed as:
Sanesecurity.Malware.25834.JsHeur.UNOFFICIAL FOUND
When the .js file is recompressed on my desktop to a .rar, it also gets properly detected in the .rar file.
However the original .rar file that arrived in the e-mail doesn't get flagged at all.
I am running version 0.99.2 on CentOS 6.7.
Running clamscan in debug mode shows some kind of corruption when reading the e-mail .rar file, although unrar unpacks it without problems:
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Descriptor[3]: Can't unpack some data
Has anyone else seen this? Is it a bug within libclamunrar?


