clamav-0.67 przestał kumać RARy
Jarosław Kamper
jack w jack.eu.org
Wto, 24 Lut 2004, 21:18:41 CET
Dnia wto 24. lutego 2004 14:42, Andrzej Zawadzki napisał:
> Jarosław Kamper wrote:
> > Użytkownik Andrzej Zawadzki napisał:
> >> Jarosław Kamper wrote:
> >>> Fragment clamd.log:
> >>>
> >>> Mon Feb 23 19:55:58 2004 -> Archive support enabled.
> >>> Mon Feb 23 19:55:58 2004 -> RAR support enabled.
> >>> Mon Feb 23 19:55:58 2004 -> Mail files support enabled.
> >>> Mon Feb 23 19:55:58 2004 -> Self checking every 3600 seconds.
> >>> Mon Feb 23 19:55:58 2004 -> Timeout set to 180 seconds.
> >>> Mon Feb 23 19:55:58 2004 -> SelfCheck: Database status OK.
> >>>
> >>> I fragment przy wysyłaniu RARa:
> >>>
> >>> Mon Feb 23 19:56:37 2004 ->
> >>> /var/spool/exim/scan/1AvLFr-0003XR-F5/1AvLFr-0003XR-F5-00000.rar:
> >>> RAR module failure. ERROR
> >>>
> >>> Kto popsuł, niech naprawi!
> >>
> >> Nic nie jest popsute.
> >> Pewnie to jest plik rar'a w wersji 3 - libclamav tego nie obsługuje
> >> - chyba problemy licencyjne... - więc clamd też nie.
> >
> > Chyba nie. Plik był zrobiony Naszym (PLDowym) rarem.
>
> Ale czy Raowym?
> Oto rar z Ra
Tak
> [root w szary mail]# rar
>
> RAR 2.90 Copyright (c) 1993-2001 Eugene Roshal 7 Sep 2001
[jack w pldmachine jack]$ rar
RAR 2.90 Copyright (c) 1993-2001 Eugene Roshal 7 Sep 2001
> [root w szary mail]# clamdscan c.rar
> /var/mail/c.rar: OK
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 0.027 sec (0 m 0 s)
> [root w szary mail]# clamdscan c.rar
> /var/mail/c.rar: OK
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 0.025 sec (0 m 0 s)
> [root w szary mail]# clamscan c.rar
> c.rar: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 20793
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.31 MB
> I/O buffer size: 131072 bytes
> Time: 1.036 sec (0 m 1 s)
[jack w pldmachine jack]$ unrar x jarek.rar
UNRAR 3.10 freeware Copyright (c) 1993-2002 Eugene Roshal
Extracting from jarek.rar
Creating jarek OK
Extracting jarek/blobkgde.gif OK
[...]
All OK
[jack w pldmachine jack]$ clamdscan jarek.rar
/home/users/jack/jarek.rar: RAR module failure. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.171 sec (0 m 0 s)
[jack w pldmachine jack]$ clamscan jarek.rar
jarek.rar: RAR module failure.
jarek.rar: OK
----------- SCAN SUMMARY -----------
Known viruses: 20795
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 23.697 sec (0 m 23 s)
==> /var/log/clamd.log <==
Tue Feb 24 21:11:07 2004
-> /var/spool/exim/scan/1AvitV-0004Za-Qj/1AvitV-0004Za-Qj-00000.rar: RAR
module failure. ERROR
==> /var/log//exim/main.log <==
2004-02-24 21:11:07 1AvitV-0004Za-Qj malware acl condition: clamd: ClamAV
returned /var/spool/exim/scan/1AvitV-0004Za-Qj/1AvitV-0004Za-Qj-00000.rar:
RAR module failure. ERROR
2004-02-24 21:11:07 1AvitV-0004Za-Qj H=pldworkstation.jack.eu.org
(pldworkstation) [192.168.0.2] U=jack F=<jack w jack.eu.org> temporarily
rejected after DATA
==> /var/log//exim/panic.log <==
2004-02-24 21:11:07 1AvitV-0004Za-Qj malware acl condition: clamd: ClamAV
returned /var/spool/exim/scan/1AvitV-0004Za-Qj/1AvitV-0004Za-Qj-00000.rar:
RAR module failure. ERROR
==> /var/log//exim/reject.log <==
2004-02-24 21:11:07 1AvitV-0004Za-Qj H=pldworkstation.jack.eu.org
(pldworkstation) [192.168.0.2] U=jack F=<jack w jack.eu.org> temporarily
rejected after DATA
Envelope-from: <jack w jack.eu.org>
Envelope-to: <jack w jack.ltd.pl>
P Received: from pldworkstation.jack.eu.org
([192.168.0.2] helo=pldworkstation ident=jack)
by jack.eu.org with smtp (Exim 4.30)
id 1AvitV-0004Za-Qj
for jack w jack.ltd.pl; Tue, 24 Feb 2004 21:11:05 +0100
P Received: from standard input (invoked by user jack)
by pldworkstation (OMTA/0.51) with id
pldworkstation.18006-0.1077653459
for <jack w jack.ltd.pl>; Tue, 24 Feb 2004 21:10:59 +0100 (CET)
F From: =?iso-8859-2?q?Jaros=B3aw_Kamper?= <jack w jack.eu.org>
T To: jack w jack.ltd.pl
Subject: rar
Date: Tue, 24 Feb 2004 21:10:58 +0100
User-Agent: KMail/1.6.1
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Multipart/Mixed;
boundary="Boundary-00=_S/6OAXHR2TTb0we"
I Message-Id: <200402242110.58614.jack w jack.eu.org>
Message-ID: <pldworkstation.18006-0.1077653459 w pldworkstation>
==> /var/log/clamd.log <==
Tue Feb 24 21:12:40 2004 -> /home/users/jack/jarek.rar: RAR module
failure. ERROR
> >> Dla takich plików tylko: clamscan --unrar plik.rar
> >> Musisz mieć unrara ;-)
[jack w pldmachine jack]$ clamscan --unrar jarek.rar
/home/users/jack/jarek.rar: RAR module failure.
UNRAR 3.10 freeware Copyright (c) 1993-2002 Eugene Roshal
Extracting from /home/users/jack/jarek.rar
Creating jarek OK
Extracting jarek/blobkgde.gif OK
Extracting jarek/blobul1e.gif OK
Extracting jarek/blobul2e.gif OK
Extracting jarek/blobul3e.gif OK
Extracting jarek/bloc1111-1250.css OK
Extracting jarek/blorulee.gif OK
Extracting jarek/oferta.htm OK
Creating jarek/oferta_pliki OK
Extracting jarek/oferta_pliki/filelist.xml OK
Extracting jarek/oferta_pliki/image001.gif OK
Extracting jarek/oferta_pliki/image002.gif OK
All OK
(raw) /home/users/jack/jarek.rar: OK
----------- SCAN SUMMARY -----------
Known viruses: 20795
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 17.570 sec (0 m 17 s)
Chyba jednak nie zeskanował tego :/
Więc jak mu to zaaplikować?
--
Jarosław Kamper <jack w jack.eu.org> http://jack.eu.org/
Więcej informacji o liście dyskusyjnej pld-devel-pl