There have been a couple of reports of viruses being distributed in RAR files, specifically the Bagle family, which is a problem since Symantec's AV scanner wasn't working properly with RAR files and in fact could actually execute the virus <DOH>.

The RAR file format does contain a known signature:

Magic bytes
    0x52 0x61 0x72 0x21 0x1a (Rar!<end-of-file>) at offset 0x00

so it should be trivial to figure out what the Base64 encoding should look like. Then it could be added to a signatures_rar to use with Gavin's exe_filter...


John
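As an added illustration (not part of John's post or any project he mentions), here is how to derive the Base64 renderings of a binary signature and scan a message body for them. Base64 turns 3 bytes into 4 characters, so a signature has three possible encodings depending on its byte offset modulo 3 in the stream, and the characters at either edge that share bits with unknown neighbouring bytes must be wildcards. The code below uses exactly the five bytes quoted in the post; the sample message body is constructed for the example and contains no real archive.

```python
import base64
import re

B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Magic bytes exactly as quoted in the post ("Rar!" followed by 0x1a).
RAR_MAGIC = bytes([0x52, 0x61, 0x72, 0x21, 0x1a])


def base64_alignments(magic: bytes) -> list:
    """Return the three Base64 renderings of `magic`, one per possible
    position of the signature inside a 3-byte encoding group.

    We lay the signature's bits out after k unknown bits (k = 0, 8, 16),
    cut the stream into 6-bit groups, and emit the alphabet character for
    every group whose six bits all come from the signature. A group that
    borrows any bit from an unknown neighbouring byte becomes None (wildcard).
    """
    renderings = []
    for k in range(3):
        bits = [None] * (8 * k)  # bits of the unknown preceding bytes
        for byte in magic:
            bits.extend((byte >> i) & 1 for i in range(7, -1, -1))
        while len(bits) % 6:
            bits.append(None)  # trailing bits shared with the next byte
        chars = []
        for i in range(0, len(bits), 6):
            group = bits[i:i + 6]
            if None in group:
                chars.append(None)
            else:
                value = int("".join(str(b) for b in group), 2)
                chars.append(B64_ALPHABET[value])
        renderings.append(chars)
    return renderings


def alignment_to_pattern(chars) -> str:
    """Human-readable form of one rendering; '.' marks a wildcard position."""
    return "".join("." if c is None else c for c in chars)


def alignment_to_regex(chars) -> re.Pattern:
    """Compiled regex for one rendering; wildcards match any Base64 character."""
    parts = ["[A-Za-z0-9+/]" if c is None else re.escape(c) for c in chars]
    return re.compile("".join(parts))


def find_encoded_signature(body: str, magic: bytes = RAR_MAGIC) -> list:
    """Scan each line of a Base64-encoded body for all three renderings of
    `magic`. Returns (line_number, alignment, matched_text) tuples."""
    regexes = [alignment_to_regex(c) for c in base64_alignments(magic)]
    hits = []
    for line_no, line in enumerate(body.splitlines(), start=1):
        for alignment, regex in enumerate(regexes):
            m = regex.search(line)
            if m:
                hits.append((line_no, alignment, m.group(0)))
    return hits


# Constructed sample body: one "attachment" whose payload begins with the
# RAR marker followed by filler text, and one ordinary text attachment that
# must not match. Neither is a real file.
SAMPLE_BODY = "\n".join([
    "Content-Transfer-Encoding: base64",
    "",
    base64.b64encode(RAR_MAGIC + b"constructed filler for the sample").decode(),
    base64.b64encode(b"Hello, this is an ordinary text attachment.").decode(),
])

if __name__ == "__main__":
    for chars in base64_alignments(RAR_MAGIC):
        print(alignment_to_pattern(chars))
    print(find_encoded_signature(SAMPLE_BODY))
```

For the five quoted bytes the three patterns come out as `UmFyIR.`, `..JhciEa` and `...SYXIhG.`; the first is the one a filter would see at the top of an attachment, since MIME bodies start each encoded part on a group boundary, while the other two catch the marker when it appears at an arbitrary offset inside a larger encoded blob. The function accepts any byte string, so a longer or different signature can be dropped in without changing the scanner.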
