[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ClamAV And unrar - Bug #465207

On Wednesday 27 February 2008, Nick Boyce wrote:
> But it seems to me that simply enabling the --unrar parameter of
> clamscan would not entail incorporating or distributing any unrar
> code at all - the code to parse the --unrar parameter and call the
> non-free unrar binary if specified surely belongs to ClamAV alone ?
> Thus the ClamAV package(s) could remain pure and free, while
> individual sysadmins could make their own decision about whether to
> install the non-free unrar binary package, and then request that
> clamscan call it.

Note that unrar-nonfree has no security support (like all packages in 
non-free) . Using it to automatically process potentially malicious 
content is a bad idea, IMHO. In fact, unrar-nonfree in stable had a 
security issue until the release of etch r3 (CVE-2007-0855).


Reply to: