[TUTORIAL] PMG 7 ClamAV RAR support

[hata_ph]

By default PMG 7 use clamav as it default antivirus scanner and also based on Debian as it base OS.
Due to RAR format is a proprietary file-format and Debian have policy to move all non-free package to the non-free repository.
Further more, PMG do not enable the non-free repo by default so it could cause problem detecting virus in rar format.

Btw, I hope Dev Team take notes of this important issue as no mention of this settings in the documentation. Since clamav is the default AV, should have enable the RAR support by default.

It is mentioned in the reference documentation - https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_package_repositories
(3.5.6 Other Repository Sources)

root@pmg:~# clamscan eicar_com.zip
/root/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8605212
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 16.637 sec (0 m 16 s)
Start Date: 2022:02:06 17:25:59
End Date:   2022:02:06 17:26:16

root@pmg:~# clamscan IMG-78293792.rar
/root/IMG-78293792.rar: OK

----------- SCAN SUMMARY -----------
Known viruses: 8605212
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.34 MB
Data read: 0.33 MB (ratio 1.05:1)
Time: 15.134 sec (0 m 15 s)
Start Date: 2022:02:06 17:26:49
End Date:   2022:02:06 17:27:05

1. To enable non-free repo, add the non-free repo to your /etc/apt/sources.list file.

root@pmg:~# cat /etc/apt/sources.list
deb http://ftp.debian.org/debian bullseye main contrib non-free

deb http://ftp.debian.org/debian bullseye-updates main contrib non-free

# security updates
deb http://security.debian.org bullseye-security main contrib non-free

2. Update repository and install libclamunrar package.

apt-get update
apt-get install libclamunrar

3. Run clamascan on the rar virus again.

root@pmg:~# clamscan IMG-78293792.rar
/root/IMG-78293792.rar: Win.Packed.Pwsx-9936836-0 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8605212
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.36 MB
Data read: 0.33 MB (ratio 1.10:1)
Time: 14.799 sec (0 m 14 s)
Start Date: 2022:02:06 17:34:27
End Date:   2022:02:06 17:34:42

 

[killmasta93]

Thank you, for buster pmg 6.4.4 do the following

add to the repo

deb http://ftp.de.debian.org/debian buster main non-free

then install

apt install libclamunrar9

root@mail:~# clamscan IMG-78293792.rar
/root/IMG-78293792.rar: SecuriteInfo.com.Trojan.Hosts.49477.30444.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12686301
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.12 MB
Data read: 0.33 MB (ratio 0.38:1)
Time: 37.413 sec (0 m 37 s)
Start Date: 2022:02:06 14:58:47
End Date:   2022:02:06 14:59:25

 

[Stoiko Ivanov]

Btw, I hope Dev Team take notes of this important issue as no mention of this settings in the documentation.

It is mentioned in the reference documentation - https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_package_repositories
(3.5.6 Other Repository Sources)

Thanks for the writeup here in any case!

 

[hata_ph]

It is mentioned in the reference documentation - https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_package_repositories
(3.5.6 Other Repository Sources)

Thanks for the writeup here in any case!

Opps...my bad