[clamav-users] possible rar issues when files have special characters
iulian stan
iulian at sphere.ro
Sun Oct 4 07:09:40 UTC 2020
Dear Ged, all,
I know that relying on the file extension is not perfect but i will say
it is covering most of the threats. Anyhow my raised question was about:
Why .exe is not detected when the file inside archive has a special
character?
This problem is manifesting only with RAR.
For files which don't have special character RAR is behaving as
expected.
Example:
touch CONSILIERE\ PLATA_Pdf.exe
echo test > CONSILIERE\ PLATA_Pdf.exe
rar a anothertest.rar CONSILIERE\ PLATA_Pdf.exe
clamscan -d ../../my_exe_in_archive.cdb anothertest.rar
/viruses/1/anothertest.rar: Archived_EXE.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Known viruses: 18
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.014 sec (0 m 0 s)
---
Best regards,
Iulian
On 2020-10-04 02:51, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Sun, 4 Oct 2020, iulian stan via clamav-users wrote:
>
>> For the safety reasons I've decided to reject all exec files from all
>> known archives(that clamav supports) when emails are sent or received.
>> Today i saw that one just went trough and when i've started to debug.
>> Apparently if special characters(in my case Ă) are inside the rar
>> archive it is not behaving as expected.
>> ...
>> I am missing something or is really a bug ?
>
> Are you just relying on the file name to detemine whether or not it's
> an executable file? That's unreliable.
>
> Your problem could be in several places. Character sets are often a
> nightmare, and sometimes the system itself doesn't do what you expect.
>
> Can you confirm the same behaviour with a RAR file if it has no
> special characters in the name?
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list