libclamunrar needs updated to 0.103.x to match clamav

Bug #1798089 reported by NetVicious
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
clamav (Ubuntu) | Invalid | Undecided | Unassigned |
libclamunrar (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

It seems the RAR code is not compiled in the Ubuntu ClamAV binary.

ClamAV does not process the CL_TYPE_RAR cdb custom signature format

Andrew Aitchison (werdnakendal) wrote :

The RAR licence is "non-Free".

21.04/Hirsute has libclamunrar and libclamunrar9 (I think in the "non-free" packages):

I note that these are version 0.102.3-3
which is older than my clamav 0.103.2+dfsg-ubuntu0.21.04.1

# apt show libclamunrar
Package: libclamunrar
Version: 0.102.3-3
Priority: optional
Section: multiverse/libs
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: ClamAV Team <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 20.5 kB
Depends: libclamunrar9
Homepage: https://www.clamav.net/
Download-Size: 4,972 B
APT-Manual-Installed: yes
APT-Sources: http://gb.archive.ubuntu.com/ubuntu hirsute/multiverse amd64 Packages
Description: anti-virus utility for Unix - unrar support
 Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this
 software is the integration with mail servers (attachment scanning). The
 package provides a flexible and scalable multi-threaded daemon in the
 clamav-daemon package, a command-line scanner in the clamav package, and a
 tool for automatic updating via the Internet in the clamav-freshclam
 package. The programs are based on libclamav9, which can be used by other
 software.
 .
 This metapackage depends on the current libclamunrarX binary library to
 ensure a new libclamunrarY will be installed after a soname update.

Package: libclamunrar9
Version: 0.102.3-3
Priority: optional
Section: multiverse/libs
Source: libclamunrar
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: ClamAV Team <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 311 kB
Depends: libclamav9, libc6 (>= 2.14), libgcc-s1 (>= 3.0), libstdc++6 (>= 5)
Homepage: https://www.clamav.net/
Download-Size: 121 kB
APT-Manual-Installed: yes
APT-Sources: http://gb.archive.ubuntu.com/ubuntu hirsute/multiverse amd64 Packages
Description: anti-virus utility for Unix - unrar support
 Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this
 software is the integration with mail servers (attachment scanning). The
 package provides a flexible and scalable multi-threaded daemon in the
 clamav-daemon package, a command-line scanner in the clamav package, and a
 tool for automatic updating via the Internet in the clamav-freshclam
 package. The programs are based on libclamav9, which can be used by other
 software.
 .
 This package provides support for RAR packaged files or mail attachments.
 Support will be available once this package is installed and clamd or a
 local clamscan is restarted.

Bryce Harrington (bryce) wrote :

Thanks for investigating this Andrew, and it looks like you're right that RAR support is not installed by default with clamav, presumably due to the licensing situation. The clamav binary package does have a Suggests on libclamunrar though, and the packages appear to co-install ok.

It also does look to be the case that the version numbers are mismatched. libclamunrar appears to be an extraction of a subdir from the clamav git repo, so presumably when Debian updated clamav to 103.0, libclamunrar should have been updated as well. There is a bug report in Debian's libclamunrar package that suggests this might be just due to insufficient manpower. Likely, a volunteer to help with this package in Debian would be well received.

Changed in clamav (Ubuntu):
status: New → Invalid
description: updated
summary: - ClamAV do not processes CL_TYPE_RAR cdb custom signature format
+ libclamunrar needs updated to 0.103.x to match clamav
Andrew Aitchison (werdnakendal) wrote :

Should be updated in sync with
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1957996
to either 0.103.5 or 0.104.2

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libclamunrar (Ubuntu):
status: New → Confirmed
Andrew Aitchison (werdnakendal) wrote :

https://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html
says that to avoid CVE-2023-40477 we should update to clamav 1.2.0, 1.1.1, 1.0.2 or 0.103.10

Paride Legovini (paride) wrote :

Thanks. I filed a separate bug report about CVE-2023-40477 possibly affecting libclamunrar:

https://bugs.launchpad.net/ubuntu/+source/libclamunrar/+bug/2035824

Please note that the package is in multiverse, meaning that it relies on community support.
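
The two checks raised in this thread, as an added example that is not part of the bug report or of any ClamAV or Ubuntu tooling: whether clamav and libclamunrar9 are built from the same upstream release, and whether each is at or above the fixed releases cited for CVE-2023-40477. The function names and the handling of branches the thread does not list are assumptions of this example; whether libclamunrar is actually affected is left to the separate bug linked above.

```python
import re

# Patched releases the thread cites for CVE-2023-40477, keyed by release branch.
FIXED = {(1, 2): (1, 2, 0), (1, 1): (1, 1, 1),
         (1, 0): (1, 0, 2), (0, 103): (0, 103, 10)}

def upstream(deb_version):
    """Reduce a Debian/Ubuntu package version to its upstream (x, y, z) tuple."""
    v = deb_version.split(":", 1)[-1]          # drop an epoch such as "1:"
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v)    # ignores "+dfsg..." and "-3"
    if not m:
        raise ValueError(f"unrecognised version: {deb_version!r}")
    return tuple(int(part) for part in m.groups())

def in_sync(clamav_ver, unrar_ver):
    """True when both packages come from the same upstream release."""
    return upstream(clamav_ver) == upstream(unrar_ver)

def meets_fixed_release(deb_version):
    """True when the upstream version is at or above its branch's cited fix."""
    up = upstream(deb_version)
    fixed = FIXED.get(up[:2])
    if fixed is not None:
        # Integer tuples order 0.103.2 below 0.103.10; string comparison would not.
        return up >= fixed
    # Assumption: a branch the thread does not list counts as fixed only if it
    # is newer than every listed release (so 0.102.x and 0.104.x do not).
    return up > max(FIXED.values())

def audit(clamav_ver, unrar_ver):
    """Return findings for a clamav / libclamunrar9 version pair."""
    findings = []
    if not in_sync(clamav_ver, unrar_ver):
        findings.append(f"mismatch: clamav {upstream(clamav_ver)} vs "
                        f"libclamunrar9 {upstream(unrar_ver)}")
    for name, ver in (("clamav", clamav_ver), ("libclamunrar9", unrar_ver)):
        if not meets_fixed_release(ver):
            findings.append(f"{name} {ver} is below the cited fixed releases")
    return findings

if __name__ == "__main__":
    # Versions quoted in the thread (Ubuntu 21.04).
    for line in audit("0.103.2+dfsg-ubuntu0.21.04.1", "0.102.3-3"):
        print(line)
```

Distribution packages can carry backported fixes under an older upstream version number, so a "below the cited fixed releases" finding is a prompt to read the package changelog rather than proof of exposure.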
