[clamav-users] Strange Problem with a Virus inside a rar file

Tech tech at drees-dreessen.de
Thu Jul 26 05:49:20 EDT 2018

Hi guys,

I use clamav together with postfix on my internal mailserver to check 
all incoming and outgoing mails. Generally the virus detection works 
really well. I also installed some of the unofficial signatures, which 
boosted the accuracy even more.

Last week we got a mail which contained a scr file inside a rar. 
clamav-milter let it through, saying it's clean. After that the 
Windows Security Essentials software on one of our clients detected the 
virus inside the rar package.

I then went to try out why it hasn't been detected (the unrared scr file 
gets detected easily by clamav). So I went and tried out some more 
test-rar files, which were provided by clamav and other sources. All got 
detected and handled the way we wanted.

I checked the mime-type to see whether it really was a rar file, and it 
was. I also checked if maybe the file was packed in a really new rar 
version, but that also wasn't the case.

Using clamav 0.100.1.

I reinstalled clamav from the base package and set up everything again, 
still not able to detect that one specific scr in the rar file.

Maybe someone stumbled across a similar problem. I could also provide 
the infected rar file if wanted.

Kind Regards

