
Archives and compressed files

All ClamAV scanners depend on LibClamAV. It has built-in support for the following formats:

Archive types are determined by magic number tests. You need the zlib library for Zip/Gzip support. Zip archives are accessed with the zziplib library by Guido Draheim and Tomi Ollila. RAR support is based on the UniquE RAR File Library by Christian Scheurer and Johannes Winkelmann. Both of them are included, slightly modified, in the clamav sources. Unrarlib supports RAR 2.0 archives only, and according to Christian the new format (introduced in WinRAR 3.0) will never be supported (however, clamscan can scan WinRAR 3.0 archives, see below).

For security reasons clamd only scans archives supported by libclamav and can't use external programs. Clamscan is more clever and can switch to an external unpacker when the built-in decompressor fails:
	$ clamscan --unrar test-failure.rar
	/home/zolw/Clam/test/test-failure.rar: RAR module failure.

	UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene Roshal


	Extracting from /home/zolw/Clam/test/test-failure.rar

	Extracting  test1                                           OK 
	All OK
	/tmp/44694f5b2665d2f4/test1: ClamAV-Test-Signature FOUND
	/home/zolw/Clam/test/test-failure.rar: Infected Archive FOUND
TIP: You can force clamscan to list all infected files in an archive using --disable-archive (it disables the built-in transparent decompressors) and --unzip --unrar....

If the scanner runs with superuser privileges, the unpackers are executed with clamav privileges, which makes the process far more secure. It also ensures the clamav user has read access to all files. You must enable recursive scanning with the -r option (--recursive) in order to scan the whole content of an archive (including subdirectories); this option is also (usually) required to scan nested archives. External unpackers supported:

--unzip: Usually you don't need this option because the Zip format is supported by libclamav. However, it may be useful if libclamav fails to unzip some file. clamscan was tested with UnZip 5.41 of 16 April 2000, by Info-ZIP.
--unrar: Tested with UNRAR 3.00 freeware.
--arj: Tested with arj 3.10b.
--zoo: Tested with zoo 2.1.
--lha: Tested with LHa for Unix V 1.14e.
--jar: clamscan uses unzip for .jar files. Tested with UnZip 5.41 of 16 April 2000, by Info-ZIP.
--tar: This option enables support for non-compressed archives. Tested with GNU tar 1.13.17.
--deb: This option enables support for Debian binary packages. Tested with GNU ar 2.12.90.0.14. Implies --tgz, but doesn't conflict with --tgz=FULLPATH
--tgz: This option supports .tar.gz and .tgz files. You need GNU tar; on non-Linux systems you probably have it installed as gtar, and if it can be found in $PATH please use --tgz=gtar to tell clamscan to use gtar instead of tar. Otherwise please supply a full path with --tgz
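
An added example (not part of the ClamAV manual or its sources): a Python sketch of the magic number tests mentioned above, showing that the format is decided by content, never by file name. The signature table, its pairing with the external-unpacker options listed above, the function names and the sample data are all assumptions constructed here.

```python
import gzip
import io
import tarfile
import zipfile
import zlib

PAYLOAD = b"constructed sample"
# (offset, magic bytes, format, option); the option pairing is this example's assumption
SIGNATURES = [
    (0, b"PK\x03\x04", "zip", "--unzip"),
    (0, b"Rar!\x1a\x07\x00", "rar", "--unrar"),
    (0, b"!<arch>\ndebian-binary", "deb", "--deb"),
    (257, b"ustar", "tar", "--tar"),
    (20, b"\xdc\xa7\xc4\xfd", "zoo", "--zoo"),
    (0, b"\x60\xea", "arj", "--arj"),
]

def identify(data: bytes):
    """Return (format, option) from the file's bytes; the name is never consulted."""
    if data[:2] == b"\x1f\x8b":  # gzip: peek inside to tell .tgz from plain gzip
        try:
            head = zlib.decompressobj(wbits=31).decompress(data, 512)
        except zlib.error:
            return "gzip", None  # damaged stream: still gzip by magic
        return ("tgz", "--tgz") if head[257:262] == b"ustar" else ("gzip", None)
    for offset, magic, fmt, option in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return fmt, option
    if data[2:5] == b"-lh" and data[6:7] == b"-":  # LHA method id, e.g. "-lh5-"
        return "lha", "--lha"
    return None, None

def constructed_samples():
    # Constructed inputs with deliberately misleading names.
    zbuf, tbuf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("test1", PAYLOAD)
    with tarfile.open(fileobj=tbuf, mode="w:gz") as tf:
        info = tarfile.TarInfo("test1")
        info.size = len(PAYLOAD)
        tf.addfile(info, io.BytesIO(PAYLOAD))
    return {
        "report.doc": zbuf.getvalue(),
        "backup.bin": tbuf.getvalue(),
        "notes.txt": gzip.compress(PAYLOAD),
        "image.jpg": b"Rar!\x1a\x07\x00" + bytes(16),
        "readme": b"plain text, not an archive",
    }

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, identify(data))
```

The RAR magic is the same for RAR 2.0 and WinRAR 3.0 archives, so this test alone cannot predict whether the built-in unrarlib will fail and the external unpacker will be needed.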


Tomasz Kojm 2004-06-14