Tomasz Kojm wrote:
Yes, the internal unpacker for rar archives doesn't handle v3 rar
archives. Try clamscan --unrar /path/to/unrar for this.
Funnily enough I was just about to compose a message about this on the
devel list but thought I'd better check here first.
I'm getting probably the same virus through and according to RAR it's (I
think) a version 2.9 file, not 3.x.
Maybe a cleverly crafted archive because Debians package "unrar -
Unarchiver for .rar files v0.0.1" cannot open it, but "unrar-nonfree
3.3.6-2" (which provides "UNRAR 3.30 freeware Copyright (c) 1993-2004
Eugene Roshal") can.
Anyway, the built in rar module in Clam fails with:
LibClamAV debug: unknown compression method: 29 (min=13 max=20)
or likely I misunderstand and it is a V3 archive with a compression
method of 29?
Steve
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
