Your message dated Fri, 02 Nov 2018 03:27:55 +0000
with message-id <[email protected]>
and subject line Re: [Pkg-clamav-devel] Bug#912634: clamav scanner didn't
unpack RAR archives
has caused the Debian Bug report #912634,
regarding clamav scanner didn't unpack RAR archives
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
912634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912634
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: clamav
Version: 0.100.2+dfsg-0+deb9u1
Severity: important
Tags: upstream
I've some problems with scanning RAR archives in emails. Clamav daemon in
debug mode doesn't show any info about unpacking RAR archive:
...
Scanning test.rar
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized RAR file
LibClamAV debug: cache_check: 4f6ba332da60b249de2ec1964b084ab6 is negative
LibClamAV debug: Matched signature for file type RAR-SFX at 0
LibClamAV debug: matcher_run: performing regex matching on full map: 0+27(27) >= 27
...
And my test.docm file in the archive wasn't scanned by clamav. The same
test.docm file in a ZIP or 7ZIP archive is unpacked and scanned:
...
Scanning test.7z
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized 7zip file
LibClamAV debug: cache_check: 4faef2fe564a5679afca42c78c3a17af is negative
LibClamAV debug: cli_7unz: extracting test.docm
LibClamAV debug: CDBNAME:CL_TYPE_7Z:0:test.docm:0:31866:0:0:1800081078:(nil)
LibClamAV debug: FP SIGNATURE: 4faef2fe564a5679afca42c78c3a17af:201:TBEER.BLOCK_OFFICE_MACROS_
test.7z: TBEER.BLOCK_OFFICE_MACROS_DOCS_7ZIP.UNOFFICIAL FOUND
LibClamAV debug: cli_7unz: completed successfully
...
and my rule for docm files for ZIP and 7ZIP files works.
A similar rule for RAR archives didn't match.
The same problem exists in the 0.100.1 stable version. Bug?
-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav
Config file: clamd.conf
-----------------------
BlockMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "64"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "64"
ReadTimeout = "300"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "128"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA = "yes"
ExcludePUA disabled
IncludePUA = "Spy", "Script", "Server"
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "157286400"
MaxFileSize = "47185920"
MaxRecursion = "8"
MaxFiles = "10000"
MaxEmbeddedPE = "20971520"
MaxHTMLNormalize = "15728640"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "10485760"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.ru.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.100.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT
Database information
--------------------
Database directory: /var/lib/clamav
main.cvd: version 58, sigs: 4566249, built on Thu Jun 8 04:38:10 2017
[3rd Party] tbeer_exe.cdb: 32 sigs
[3rd Party] tbeer_old.cdb: 6 sigs
[3rd Party] tbeer_email.cdb: 8 sigs
[3rd Party] tbeer_html.cdb: 8 sigs
[3rd Party] tbeer.cdb: 8 sigs
[3rd Party] tbeer_java.cdb: 8 sigs
[3rd Party] tbeer_strange.cdb: 4 sigs
[3rd Party] tbeer_dll_reg_sys_etc.cdb: 11 sigs
[3rd Party] tbeer_others.cdb: 7 sigs
[3rd Party] tbeer_arch_in_arch.cdb: 18 sigs
bytecode.cld: version 327, sigs: 91, built on Thu Aug 9 07:43:48 2018
daily.cld: version 25079, sigs: 2137818, built on Thu Nov 1 04:17:10 2018
Total number of signatures: 6704268
Platform information
--------------------
uname: Linux 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u5 (2017-09-19) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 9.5 (stretch)
zlib version: 1.2.8 (1.2.8), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: broadwell, Little-endian
platform id: 0x0a215d5d0806030001060300
Build information
-----------------
GNU C: 6.3.0 20170516 (6.3.0)
GNU C++: 6.3.0 20170516 (6.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-6sLuAe/clamav-0.100.2+dfsg=.
-fstack-protector-strong -Wformat -Werror=forma
CXXFLAGS: -g -O2
-fdebug-prefix-map=/build/clamav-6sLuAe/clamav-0.100.2+dfsg=.
-fstack-protector-strong -Wformat -Werror=for
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/
sizeof(void*) = 8
Engine flevel: 93, dconf: 93
--- data dir ---
total 266940
-rw-r--r-- 1 clamav clamav 951808 Aug 9 08:26 bytecode.cld
-rw-r--r-- 1 clamav clamav 154440704 Nov 1 05:25 daily.cld
-rw-r--r-- 1 clamav clamav 117892267 Jul 4 16:02 main.cvd
-rw------- 1 clamav clamav 572 Nov 1 09:25 mirrors.dat
-rw-r--r-- 1 clamav clamav 2140 Nov 1 09:11 tbeer.cdb
-rw-r--r-- 1 clamav clamav 4599 Nov 1 09:12 tbeer_arch_in_arch.cdb
-rw-r--r-- 1 clamav clamav 1418 Jul 18 12:49 tbeer_dll_reg_sys_etc.cdb
-rw-r--r-- 1 clamav clamav 804 Nov 1 09:12 tbeer_email.cdb
-rw-r--r-- 1 clamav clamav 6640 Nov 1 09:13 tbeer_exe.cdb
-rw-r--r-- 1 clamav clamav 1172 Nov 1 09:14 tbeer_html.cdb
-rw-r--r-- 1 clamav clamav 764 Nov 1 09:14 tbeer_java.cdb
-rw-r--r-- 1 clamav clamav 1293 Jul 18 09:40 tbeer_old.cdb
-rw-r--r-- 1 clamav clamav 1603 Nov 1 09:14 tbeer_others.cdb
-rw-r--r-- 1 clamav clamav 776 Oct 9 07:49 tbeer_strange.cdb
-- System Information:
Debian Release: 9.5
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/5 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On November 2, 2018 1:11:49 AM UTC, Dmitriy <[email protected]> wrote:
>Package: clamav
>Version: 0.100.2+dfsg-0+deb9u1
>Severity: important
>Tags: upstream
>
>I've some problems with scanning RAR archives in emails. Clamav daemon in
>debug mode doesn't show any info about unpacking RAR archive:
>...
>Scanning test.rar
>LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
>LibClamAV debug: Recognized RAR file
>LibClamAV debug: cache_check: 4f6ba332da60b249de2ec1964b084ab6 is negative
>LibClamAV debug: Matched signature for file type RAR-SFX at 0
>LibClamAV debug: matcher_run: performing regex matching on full map: 0+27(27) >= 27
This isn't a package bug. For unrar scanning you need to install libclamunrar7
from non-free.
Scott K
--- End Message ---
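
The gap discussed in this thread (an archive is recognized but its members are never unpacked, so rules for the contents cannot match) can be spotted from the debug log itself. The following is an added example, not code from the thread or from ClamAV; the function names are hypothetical, and it assumes that an "extracting <name>" or "CDBNAME:" line, as seen in the 7z excerpt above, is the evidence that a member was unpacked.

```python
import re

# Debug-log excerpts copied from the report above.
SAMPLE_LOG = """\
Scanning test.rar
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized RAR file
LibClamAV debug: Matched signature for file type RAR-SFX at 0
Scanning test.7z
LibClamAV debug: Recognized 7zip file
LibClamAV debug: cli_7unz: extracting test.docm
LibClamAV debug: CDBNAME:CL_TYPE_7Z:0:test.docm:0:31866:0:0:1800081078:(nil)
LibClamAV debug: cli_7unz: completed successfully
"""

SCAN_RE = re.compile(r"^Scanning (\S+)$")
TYPE_RE = re.compile(r"^LibClamAV debug: Recognized (\S+) file$")
# Assumption: unpacking shows up as "<func>: extracting <name>" or as a
# CDBNAME container-metadata line, as in the 7z excerpt on this page.
MEMBER_RE = re.compile(
    r"^LibClamAV debug: (?:\w+: extracting (\S+)|CDBNAME:[^:]*:\d+:([^:]*):)")

def audit(log_text):
    """Map each scanned file to its outer type and the members seen unpacked."""
    results, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SCAN_RE.match(line)
        if m:
            current = results.setdefault(m.group(1), {"type": None, "members": set()})
            continue
        if current is None:
            continue
        m = TYPE_RE.match(line)
        if m and current["type"] is None:  # keep the outermost type only
            current["type"] = m.group(1)
        m = MEMBER_RE.match(line)
        if m:
            current["members"].add(m.group(1) or m.group(2))
    return results

def unscanned_archives(log_text, archive_types=("RAR", "7zip")):
    """Files recognized as an archive with no sign that any member was unpacked."""
    return sorted(name for name, r in audit(log_text).items()
                  if r["type"] in archive_types and not r["members"])

if __name__ == "__main__":
    print(unscanned_archives(SAMPLE_LOG))
```

Feed it the debug output from scanning known test archives that each contain at least one file; an empty archive would also be reported, so it is not meant for arbitrary mail traffic.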