On Friday 12 January 2007 06:50, Marc Balmer wrote: > * Joachim Schipper wrote: > > On Thu, Jan 11, 2007 at 10:45:32PM +0100, Marc Balmer wrote: > > > * Joachim Schipper wrote: > > > > On Thu, Jan 11, 2007 at 02:23:22PM +0100, Antoine Jacoutot wrote: > > > > > On Thu, 11 Jan 2007, Lars Olsson wrote: > > > > > >with arj 3.14a that was able to open in OpenBSD. Conclusion: > > > > > > Remove unarj from the ports tree because it doesn't work > > > > > > anyway. > > > > > > > > > > Can't it be updated? > > > > > > > > Even if it cannot be, arj is mostly a legacy format. If you > > > > agree with this assertion, not being able to read the very > > > > latest version is not that big a problem. > > > > > > software like virus scanners should be able to decode it. it > > > would thus be a plus if we can decode old and new arj files (for > > > clamav, e.g.). > > > > I see your point. However, a good look at the vulnerabilities in > > some of the more obscure decoders ClamAV uses tends to lead me to > > believing that just blocking any archive that isn't .zip, .tgz or > > .tar.bz2 is a better solution [1]. > > here, we actually do this (using mail/smtp-vilter). > > > This shouldn't be read as criticism of ClamAV, however - while the > > general idea of a virus scanner is not a terribly good one, within > > the limitations of its design ClamAV performs rather well. > > oh, you can critize ClamaAV at will, I am not involved with them, I > just maintain the port. > > so maybe a kind soul will eventually update arj...
Being able to uncompress and scan inside of standard archive formats is probably a good thing. As for being able to create new arj/arj32 archives (a reasonably obsolete format), well, that might be a different story. It seems the versions mentioned are mixed up in the original post by Lars; the 3.14a version mentioned is the current commercial version of the full arj32 compressor/uncompressor for ms-windows, not the unarj uncompressor. The free but commercial unarj program is at version 2.65 (unarj-2.43 is in ports) and comes with source code but it's a ms-windows self-extracting executable. http://www.arjsoftware.com/files.htm The source code used/downloaded in our ports tree is just a repackaging of the source that came with the windows self-extractor. I've diffed the stuff we use against the current source from the win32 self-extractor and there only a handful of differences, so fixing the unarj port is not a big deal... -BUT... A better answer is to replace the commercial unarj uncompressor with the free, open source compressor/uncompressor available here: http://arj.sourceforge.net/ I'll do the work, but tell me which way you want to go. jcr
