* Joachim Schipper wrote: > On Thu, Jan 11, 2007 at 10:45:32PM +0100, Marc Balmer wrote: > > * Joachim Schipper wrote: > > > On Thu, Jan 11, 2007 at 02:23:22PM +0100, Antoine Jacoutot wrote: > > > > On Thu, 11 Jan 2007, Lars Olsson wrote: > > > > >with arj 3.14a that was able to open in OpenBSD. Conclusion: Remove > > > > >unarj from the ports tree because it doesn't work anyway. > > > > > > > > Can't it be updated? > > > > > > Even if it cannot be, arj is mostly a legacy format. If you agree with > > > this assertion, not being able to read the very latest version is not > > > that big a problem. > > > > software like virus scanners should be able to decode it. it would thus > > be a plus if we can decode old and new arj files (for clamav, e.g.). > > I see your point. However, a good look at the vulnerabilities in some of > the more obscure decoders ClamAV uses tends to lead me to believing that > just blocking any archive that isn't .zip, .tgz or .tar.bz2 is a better > solution [1].
here, we actually do this (using mail/smtp-vilter). > This shouldn't be read as criticism of ClamAV, however - while the > general idea of a virus scanner is not a terribly good one, within the > limitations of its design ClamAV performs rather well. oh, you can critize ClamaAV at will, I am not involved with them, I just maintain the port. so maybe a kind soul will eventually update arj...
