Package: clamav
Version: 0.100.2+dfsg-0+deb9u1
Severity: important
Tags: upstream

I've some problems with scanning RAR archives in emails. The ClamAV daemon in debug mode doesn't show any info about unpacking the RAR archive:

...
Scanning test.rar
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized RAR file
LibClamAV debug: cache_check: 4f6ba332da60b249de2ec1964b084ab6 is negative
LibClamAV debug: Matched signature for file type RAR-SFX at 0
LibClamAV debug: matcher_run: performing regex matching on full map: 0+27(27) >= 27
...

And my test.docm file inside the archive wasn't scanned by ClamAV. The same test.docm file in a ZIP or 7ZIP archive is unpacked and scanned:

...
Scanning test.7z
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized 7zip file
LibClamAV debug: cache_check: 4faef2fe564a5679afca42c78c3a17af is negative
LibClamAV debug: cli_7unz: extracting test.docm
LibClamAV debug: CDBNAME:CL_TYPE_7Z:0:test.docm:0:31866:0:0:1800081078:(nil)
LibClamAV debug: FP SIGNATURE: 4faef2fe564a5679afca42c78c3a17af:201:TBEER.BLOCK_OFFICE_MACROS_
test.7z: TBEER.BLOCK_OFFICE_MACROS_DOCS_7ZIP.UNOFFICIAL FOUND
LibClamAV debug: cli_7unz: completed successfully
...

and my rule for docm files in ZIP and 7ZIP archives works. A similar rule for RAR archives didn't match. The same problem exists in the 0.100.1 stable version. Bug?
-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
BlockMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "64"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "64"
ReadTimeout = "300"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "128"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA = "yes"
ExcludePUA disabled
IncludePUA = "Spy", "Script", "Server"
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "157286400"
MaxFileSize = "47185920"
MaxRecursion = "8"
MaxFiles = "10000"
MaxEmbeddedPE = "20971520"
MaxHTMLNormalize = "15728640"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "10485760"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.ru.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.100.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
main.cvd: version 58, sigs: 4566249, built on Thu Jun 8 04:38:10 2017
[3rd Party] tbeer_exe.cdb: 32 sigs
[3rd Party] tbeer_old.cdb: 6 sigs
[3rd Party] tbeer_email.cdb: 8 sigs
[3rd Party] tbeer_html.cdb: 8 sigs
[3rd Party] tbeer.cdb: 8 sigs
[3rd Party] tbeer_java.cdb: 8 sigs
[3rd Party] tbeer_strange.cdb: 4 sigs
[3rd Party] tbeer_dll_reg_sys_etc.cdb: 11 sigs
[3rd Party] tbeer_others.cdb: 7 sigs
[3rd Party] tbeer_arch_in_arch.cdb: 18 sigs
bytecode.cld: version 327, sigs: 91, built on Thu Aug 9 07:43:48 2018
daily.cld: version 25079, sigs: 2137818, built on Thu Nov 1 04:17:10 2018
Total number of signatures: 6704268

Platform information
--------------------
uname: Linux 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u5 (2017-09-19) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 9.5 (stretch)
zlib version: 1.2.8 (1.2.8), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: broadwell, Little-endian
platform id: 0x0a215d5d0806030001060300

Build information
-----------------
GNU C: 6.3.0 20170516 (6.3.0)
GNU C++: 6.3.0 20170516 (6.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-6sLuAe/clamav-0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=forma
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-6sLuAe/clamav-0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=for
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/
sizeof(void*) = 8
Engine flevel: 93, dconf: 93

--- data dir ---
total 266940
-rw-r--r-- 1 clamav clamav 951808 Aug 9 08:26 bytecode.cld
-rw-r--r-- 1 clamav clamav 154440704 Nov 1 05:25 daily.cld
-rw-r--r-- 1 clamav clamav 117892267 Jul 4 16:02 main.cvd
-rw------- 1 clamav clamav 572 Nov 1 09:25 mirrors.dat
-rw-r--r-- 1 clamav clamav 2140 Nov 1 09:11 tbeer.cdb
-rw-r--r-- 1 clamav clamav 4599 Nov 1 09:12 tbeer_arch_in_arch.cdb
-rw-r--r-- 1 clamav clamav 1418 Jul 18 12:49 tbeer_dll_reg_sys_etc.cdb
-rw-r--r-- 1 clamav clamav 804 Nov 1 09:12 tbeer_email.cdb
-rw-r--r-- 1 clamav clamav 6640 Nov 1 09:13 tbeer_exe.cdb
-rw-r--r-- 1 clamav clamav 1172 Nov 1 09:14 tbeer_html.cdb
-rw-r--r-- 1 clamav clamav 764 Nov 1 09:14 tbeer_java.cdb
-rw-r--r-- 1 clamav clamav 1293 Jul 18 09:40 tbeer_old.cdb
-rw-r--r-- 1 clamav clamav 1603 Nov 1 09:14 tbeer_others.cdb
-rw-r--r-- 1 clamav clamav 776 Oct 9 07:49 tbeer_strange.cdb

-- System Information:
Debian Release: 9.5
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/5 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
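The report's evidence is the contrast between the two debug excerpts: the 7z scan shows an "extracting" line, a CDBNAME container-metadata line and a FOUND verdict, while the RAR scan stops at "Recognized RAR file" with no member ever extracted. The script below is an added example (not the reporter's code and not part of ClamAV) that turns that manual comparison into a repeatable check: it groups a clamscan/clamd --debug log by "Scanning <file>" block and flags every archive that was recognized but from which nothing was unpacked. The sample log is constructed from the excerpts quoted above; the line patterns and the archive type names ("RAR", "ZIP", "7zip") are assumptions drawn from those excerpts and from libclamav 0.100's debug wording, so adjust them for other versions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the two debug excerpts quoted in the bug report,
# joined into one log as clamscan --debug would emit them.
SAMPLE_DEBUG_LOG = """\
Scanning test.rar
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized RAR file
LibClamAV debug: cache_check: 4f6ba332da60b249de2ec1964b084ab6 is negative
LibClamAV debug: Matched signature for file type RAR-SFX at 0
LibClamAV debug: matcher_run: performing regex matching on full map: 0+27(27) >= 27
Scanning test.7z
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized 7zip file
LibClamAV debug: cache_check: 4faef2fe564a5679afca42c78c3a17af is negative
LibClamAV debug: cli_7unz: extracting test.docm
LibClamAV debug: CDBNAME:CL_TYPE_7Z:0:test.docm:0:31866:0:0:1800081078:(nil)
LibClamAV debug: FP SIGNATURE: 4faef2fe564a5679afca42c78c3a17af:201:TBEER.BLOCK_OFFICE_MACROS_
test.7z: TBEER.BLOCK_OFFICE_MACROS_DOCS_7ZIP.UNOFFICIAL FOUND
LibClamAV debug: cli_7unz: completed successfully
"""

# Line shapes taken from the quoted excerpts (assumed stable for 0.100.x).
SCAN_RE = re.compile(r"^Scanning (?P<path>\S+)$")
RECOGNIZED_RE = re.compile(r"^LibClamAV debug: Recognized (?P<type>.+?) file$")
EXTRACT_RE = re.compile(r"^LibClamAV debug: \S+: extracting (?P<member>\S+)$")
CDBNAME_RE = re.compile(r"^LibClamAV debug: CDBNAME:(?P<container>[A-Z0-9_]+):")
FOUND_RE = re.compile(r"^(?P<path>\S+): (?P<sig>\S+) FOUND$")

# Assumption: type names as printed by libclamav's "Recognized <type> file" line.
ARCHIVE_TYPES = {"RAR", "ZIP", "7zip"}


def parse_debug_log(text: str) -> Dict[str, dict]:
    """Group a --debug log into one record per 'Scanning <file>' block.

    Each record holds the recognized file type, the members libclamav
    reported extracting, the CDB container type (if container metadata
    was evaluated) and any FOUND verdicts attributed to the file.
    """
    results: Dict[str, dict] = {}
    current: Optional[dict] = None
    for line in text.splitlines():
        m = SCAN_RE.match(line)
        if m:
            current = {"type": None, "members": [], "cdb_container": None, "detections": []}
            results[m.group("path")] = current
            continue
        if current is None:
            continue  # lines before the first "Scanning" header are ignored
        if m := RECOGNIZED_RE.match(line):
            current["type"] = m.group("type")
        elif m := EXTRACT_RE.match(line):
            current["members"].append(m.group("member"))
        elif m := CDBNAME_RE.match(line):
            current["cdb_container"] = m.group("container")
        elif m := FOUND_RE.match(line):
            current["detections"].append(m.group("sig"))
    return results


def archives_not_unpacked(results: Dict[str, dict]) -> List[str]:
    """Files recognized as an archive type from which no member was extracted.

    These are the scans where content-level signatures (and CDB container
    rules, which need extraction to see member names and sizes) cannot fire.
    """
    return sorted(
        path for path, rec in results.items()
        if rec["type"] in ARCHIVE_TYPES and not rec["members"]
    )


if __name__ == "__main__":
    parsed = parse_debug_log(SAMPLE_DEBUG_LOG)
    for path, rec in parsed.items():
        print(f"{path}: type={rec['type']} members={rec['members']} "
              f"cdb={rec['cdb_container']} detections={rec['detections']}")
    print("recognized but never unpacked:", archives_not_unpacked(parsed))
```

Run against the quoted excerpts, the check reports test.rar as recognized but never unpacked, while test.7z shows one extracted member, a CL_TYPE_7Z container record and the TBEER verdict. Used on a larger --debug run over a corpus of sample archives, the same check gives a quick regression signal for whether a given ClamAV build actually descends into each archive format before any signature work is evaluated.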