[TUTORIAL] PMG 7 ClamAV RAR support

H

hata_ph

Well-Known Member
Nov 13, 2019
866
199
48
45
By default PMG 7 use clamav as it default antivirus scanner and also based on Debian as it base OS.
Due to RAR format is a proprietary file-format and Debian have policy to move all non-free package to the non-free repository.
Further more, PMG do not enable the non-free repo by default so it could cause problem detecting virus in rar format.

Btw, I hope Dev Team take notes of this important issue as no mention of this settings in the documentation. Since clamav is the default AV, should have enable the RAR support by default.

It is mentioned in the reference documentation - https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_package_repositories
(3.5.6 Other Repository Sources)

Code: 
root@pmg:~# clamscan eicar_com.zip
/root/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8605212
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 16.637 sec (0 m 16 s)
Start Date: 2022:02:06 17:25:59
End Date:   2022:02:06 17:26:16

root@pmg:~# clamscan IMG-78293792.rar
/root/IMG-78293792.rar: OK

----------- SCAN SUMMARY -----------
Known viruses: 8605212
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.34 MB
Data read: 0.33 MB (ratio 1.05:1)
Time: 15.134 sec (0 m 15 s)
Start Date: 2022:02:06 17:26:49
End Date:   2022:02:06 17:27:05

1. To enable non-free repo, add the non-free repo to your /etc/apt/sources.list file.

Code: 
root@pmg:~# cat /etc/apt/sources.list
deb http://ftp.debian.org/debian bullseye main contrib non-free

deb http://ftp.debian.org/debian bullseye-updates main contrib non-free

# security updates
deb http://security.debian.org bullseye-security main contrib non-free

2. Update repository and install libclamunrar package.

Code: 
apt-get update
apt-get install libclamunrar

3. Run clamascan on the rar virus again.

Code: 
root@pmg:~# clamscan IMG-78293792.rar
/root/IMG-78293792.rar: Win.Packed.Pwsx-9936836-0 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8605212
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.36 MB
Data read: 0.33 MB (ratio 1.10:1)
Time: 14.799 sec (0 m 14 s)
Start Date: 2022:02:06 17:34:27
End Date:   2022:02:06 17:34:42
 
Last edited:
  • Like
Reactions: killmasta93 and mijanek
Thank you, for buster pmg 6.4.4 do the following

add to the repo
Code: 
deb http://ftp.de.debian.org/debian buster main non-free

then install

Code: 
apt install libclamunrar9

Code: 
root@mail:~# clamscan IMG-78293792.rar
/root/IMG-78293792.rar: SecuriteInfo.com.Trojan.Hosts.49477.30444.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12686301
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.12 MB
Data read: 0.33 MB (ratio 0.38:1)
Time: 37.413 sec (0 m 37 s)
Start Date: 2022:02:06 14:58:47
End Date:   2022:02:06 14:59:25
 
  • Like
Reactions: Stoiko Ivanov
  • Like
Reactions: hata_ph
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back