Subject: clamav: should warn about the missing support for RAR files in a prominent place

Package: clamav
Version: 0.92~dfsg-1~volatile2
Severity: important

According to bug #460711, RAR support in the Debian package of clamav is missing for policy reasons. However, this fact is neither mentioned in a prominent place of the documentation, nor does clamscan warn about this fact.

A huge number of malware is distributed as self-extracting RAR archives. The fact that clamav doesn't recognize files in this format _and_ does not warn about this creates a huge security gap for users who do not examine the source closely.

I strongly suggest adding a warning about this, at least in a prominent place of the documentation. An even better solution would be to warn about this fact during startup, and/or to report such files as "UNKNOWN - can't check" or the like instead of "OK".

Yours sincerely,
Torsten Jerzembeck

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages clamav depends on:
ii  clamav-data   20080208.110200.5740    clamav data files
ii  libc6         2.3.6.ds1-13etch2       GNU C Library: Shared libraries
ii  libclamav3    0.92~dfsg-1~volatile2   virus scanner library
ii  libgmp3c2     2:4.2.1+dfsg-4          Multiprecision arithmetic library
ii  zlib1g        1:1.2.3-13              compression library - runtime

Versions of packages clamav recommends:
pn  arj           <none>                  (no description available)
ii  clamav-base   0.92~dfsg-1~volatile2   base package for clamav, an anti-v
pn  unzoo         <none>                  (no description available)

-- no debconf information
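
The report's proposal, showing RAR files as "UNKNOWN - can't check" instead of "OK", sketched as an added example that is not part of the original report or of clamav: a post-processor for clamscan-style `<path>: OK` lines that checks each file for a RAR marker. The function names, the 1 MiB search window and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR 4.x, RAR 5.x
SFX_SEARCH_LIMIT = 1024 * 1024  # assumption: marker sits within the first 1 MiB


def rar_kind(path):
    """Return 'RAR', 'RAR-SFX' or None, judged by marker bytes only."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(SFX_SEARCH_LIMIT)
    except OSError:
        return None
    for magic in RAR_MAGICS:
        pos = head.find(magic)
        if pos == 0:
            return "RAR"
        if pos > 0 and head.startswith(b"MZ"):  # executable stub before the archive
            return "RAR-SFX"
    return None


def relabel(scan_lines):
    """Rewrite '<path>: OK' lines for RAR content; leave all other lines alone."""
    out = []
    for line in scan_lines:
        line = line.rstrip("\n")
        path, sep, verdict = line.rpartition(": ")
        kind = rar_kind(path) if sep and verdict == "OK" else None
        out.append(f"{path}: UNKNOWN - can't check ({kind})" if kind else line)
    return out


def demo():
    """Build constructed sample files and constructed scanner output, then relabel."""
    d = tempfile.mkdtemp()
    samples = {
        "note.txt": b"plain text\n",
        "a.rar": RAR_MAGICS[0] + b"\x00" * 16,
        "setup.exe": b"MZ" + b"\x00" * 64 + RAR_MAGICS[0] + b"\x00" * 16,
    }
    lines = []
    for name, data in samples.items():
        p = os.path.join(d, name)
        with open(p, "wb") as fh:
            fh.write(data)
        lines.append(f"{p}: OK")
    return [entry.replace(d + os.sep, "") for entry in relabel(lines)]


if __name__ == "__main__":
    print("\n".join(demo()))
```

A marker match only says the file looks like a RAR archive; it says nothing about the archive's contents, which is exactly why the verdict is UNKNOWN rather than OK.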