workaround for "file size limit exceeded" messages?

Miguel Koren O'Brien de Lacy miguelk at KONSULTEX.COM.BR
Mon Nov 3 20:33:43 GMT 2003


Julian;

I applied this (MS 4.24-5 on RH9 fully patched except the kernel) and I 
ran readnow.zip through it with a mail. It was found to be clean and 
delivered. But of course this is because Clam itself does not catch it. 
F-Prot on Windows does find W32.Mimail in it. I don't have a sample of 
the others that were causing problems (being found and still delivered) 
so I can't test. I sent this file to the Clam team this morning. If you 
would like to see it anyway, I can send it to you off list.

If you can somehow send me a sample of photos.zip I'll run it through 
also. Since I reverted to blocking *.zip it would have to be renamed. Of 
course, Clam finds that one so it may not make it anyway....

So all I can say at this point is that MS still works with the patch ;-)

Miguel

Julian Field wrote:

> Please can you try the attached patch for
> /usr/lib/MailScanner/MailScanner/SweepViruses.pm.
>
> Copy the patch file into /tmp and do this
>         cd /usr/lib/MailScanner/MailScanner
>         patch -p0 < /tmp/SweepViruses.pm.clam.patch
>
> Let me know if this solves the problem or not.
>
> At 17:38 03/11/2003, you wrote:
>
>> Is there a workaround for "file size limit exceeded" message issue that I'm
>> seeing in maillog whenever ClamAV detects either Worm.Mimail.C or Worm.Bics?
>>
>> It appears that ClamAV is correctly identifying the virus but that extra
>> status message is causing MailScanner to get confused and (I think) letting
>> the virus through. I just signed up to the ClamAV mailing list, and at least
>> one person is suggesting that this is a MailScanner issue.
>>
>> Any workarounds or fixes?
>>
>> Thanks,
>> Chris
>> -- 
>> Chris Yuzik
>> chris at fractalweb.com
>> 604-304-0444
>>
>> "Reality is that which, when you stop believing in it, doesn't go
>> away".
>>                 -- Philip K. Dick
>
>
> -- 
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654




-- 
This message has been checked by the antivirus system and
 is believed to be free of danger.



