clamav 0.75 Oversized Zip
Dustin Baer
dustin.baer at IHS.COM
Fri Aug 13 16:21:44 IST 2004
<x-flowed>
Hi All,
MailScanner-4.31.6
Sendmail 8.13.0
Solaris 2.9
I've been using Sophos, but have also just installed ClamAV 0.75 and am
having the Oversized Zip problem. There are a few past threads in the
list concerning this in older version of ClamAV. With 0.75, there is
an option in clamav.conf, which is supposed to take care of the problem:
# Mark potential archive bombs as viruses (0 disables the limit)
ArchiveMaxCompressionRatio 200
When I set this to "0" the files is still found to have Oversized Zip.
Before I write to the Clam list, I'll ask here...does MailScanner use
clamav.conf? I think not, since moving clamav.conf out of the way
doesn't break anything else.
I've also uncommented the following line in lib/clamav-wrapper, with no
effect:
# Uncomment next line if you need to disable Clam's DoS protection
ExtraScanOptions="--max-files=0 --max-space=0 --max-recursion=0
$ExtraScanOptions"
Here is the output of a test
$ /opt/MailScanner/lib/clamav-wrapper /usr/local "13-aug-2004 08-25.pra"
/var/spool/MailScanner/quarantine/20040813/i7D6d02E026595/13-aug-2004
08-25.pra: Oversized.Zip FOUND
----------- SCAN SUMMARY -----------
Known viruses: 23388
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 4.645 sec (0 m 4 s)
Can anybody clue me into how I can stop the ClamAV checks that find
"Oversized.Zip FOUND"
Thanks,
Dustin
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>
More information about the MailScanner
mailing list