[clamav-users] Strange Problem with a Virus inside a rar file
tech at drees-dreessen.de
Thu Jul 26 05:49:20 EDT 2018
i use clamav together with postfix on my internal mailserver to check
all incoming and outgoing mails. Generally the virus detection works
really well i also installed some of the unofficial signatures which
even more so boosted the accuracy.
Last week we got a mail which contained a scr file inside a rar
clamav-milter let it through and saying it's clean. After that the
windows security essentials software on one of our clients detected the
virus inside the rar package.
I then went to try out why it hasn't been dected (The unrared scr file
get's detected easyly by clamav). So i went and tried out some more
test-rar files, which were provided by clamav and other sources. All got
detected and handled the way we wanted to.
I checked the mime-type if it really was a rar file but it was. Also
checked if maybe the file was packed in a really new rar version but
that also wasn't the case.
Using clamav 0.100.1.
I reinstalled clamav from the base package and set up everything again,
still not able to detect that one specific scr in the rar file.
Maybe someone stumbled across a similar i could also provide the
infected rar file if wanted.
More information about the clamav-users