Hi, Thanks for reporting this.
Could you please open a bug report at bugzilla.clamav.net. Please also attach the rar file to the bugzilla ticket. Thanks, Steve Morgan On Mon, Oct 31, 2016 at 9:04 PM, Qmail <[email protected]> wrote: > There's a new Javascript malware floating around in a RAR archive that > somehow kills scanrar I believe. > The virus gets properly detected when decompressed as: > Sanesecurity.Malware.25834.JsHeur.UNOFFICIAL FOUND > When the .js file is recompressed on my desktop to a .rar it also gets > properly detected in the .rar file. > However the original .rar file that arrived in the e-mail doesn't get > flagged at all. > I am running version 0.99.2 on CentOS 6.7. > Running clamscan in debug mode shows some kind of corruption when reading > the e-mail .rar file, although unrar unpacks it without problems: > LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 > LibClamAV debug: Descriptor[3]: Can't unpack some data > Anyone else saw this ? Is it a bug within libclamunrar ? > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
