[clamav-users] possible rar issues when files have special characters
iulian stan
iulian at sphere.ro
Sat Oct 3 22:14:25 UTC 2020
Dears,
For the safety reasons I've decided to reject all exec files from all
known archives(that clamav supports) when emails are sent or received.
Today i saw that one just went trough and when i've started to debug.
Apparently if special characters(in my case Ă) are inside the rar
archive it is not behaving as expected.
file db file looks like:
Archived_EXE:*:*:(?i)\.exe$:*:*:*:*:*:*
RAR test:(using rar 5.91 trial)
How to replicate:
touch CONSILIERE\ PLATĂ_Pdf.exe
echo test > CONSILIERE\ PLATĂ_Pdf.exe
rar a just.rar CONSILIERE\ PLATĂ_Pdf.exe
clamscan -d ../../my_exe_in_archive.cdb just.rar
viruses/1/just.rar: OK
----------- SCAN SUMMARY -----------
Known viruses: 18
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.014 sec (0 m 0 s)
For others like 7z/tar/zip everything looks ok:
Example:
7z a just.7z CONSILIERE\ PLATĂ_Pdf.exe
clamscan -d ../../my_exe_in_archive.cdb just.7z
viruses/1/just.7z: Archived_EXE.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Known viruses: 18
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.006 sec (0 m 0 s)
I am missing something or is really a bug ?
--
Best regards,
Iulian
More information about the clamav-users
mailing list