jds, on 15 June 2011 - 02:29 AM, said:
... the following page shows that at least versions 9.0.6.* supported RAR decompression (the page relates to a security fix for the decompression engine):
http://www.symantec....t&id=TECH102208
Unfortunately, there don't seem to be any publicly available upgrade paths from a version 9.0.X.* to a version 9.0.Y.* (which might even fix the broken real-time/on-access/auto-protection with current virus definitions).
Well, the plot thickens!
I re-read the above page from Symantec, this time paying attention to the irrelevant section about how to disable CAB and RAR scanning, and learnt that the DLL responsible for "decomposing" RAR files is called 'Dec2RAR.dll' and that the file 'Dec3.cfg' specifies which "decomposers" are enabled.
It was no surprise to find that the file 'Dec2RAR.dll' was missing from my SAV9 installation, and that, of course, it wasn't listed in the 'Dec3.cfg' configuration file. What was surprising, however, was that a version of 'Dec2RAR.dll' is actually included in the SAV9 installation package, at least as far back as version 9.0.0.338 (as file 'Dec2RAR.dll.007A9270_AFB4_4E86_AD37_A139D0C95AB2', within 'SAV\Data1.cab')!
So the capability to scan RAR files does seem to exist even in fairly old versions of SAV9, yet it never seems to get installed. The relevant DLL is never extracted during the installation, and the configuration file doesn't refer to it. Unfortunately, trying to remedy this situation manually, by extracting the DLL and editing the configuration file, wasn't successful. SAV still failed to scan a RAR file I had prepared for it with the EICAR signature file within. I guess there's some registry stuff that must also be required to enable this missing capability.
BTW, the 'Dec3Update9.exe' update that's given in the above web page refuses to run even with the help of KernelEx. After trying several options, I was finally able to extract its contents with the help of "Resource Hacker" (well recommended). By checking the extracted binaries via "Windows Explorer - Properties - Version - Original Filename", I now had 16 (correctly named) DLL files. However, they were not exactly the list given by Symantec; instead, there was a new version of 'rec2.dll' and no updated 'dec2rar.dll'. But that would be just "icing on the cake". No point worrying about an updated version of 'dec2rar.dll' if I can't convince SAV9 to use it, anyway!
Joe.
PS. Well, I've managed to find the missing 'Dec2RAR.dll' file (and the other associated v3.02.14.26 DLLs) that's supposed to be within 'Dec3Update9.exe', in a rather unexpected location:
ftp://ftp.symantec.c...10_Win64_GE.zip
(Using 7-Zip, extract via the path 'SAVCE_10.1.5.5010_Win64_GE.msp' -> 'PCW_CAB_SAV' -> 'Dec2RAR.dll.007A9270_AFB4_4E86_AD37_A139D0C95AB2')
This post has been edited by jds: 09 February 2012 - 08:51 PM