clamav 0.75 Oversized Zip

Dustin Baer dustin.baer at IHS.COM
Fri Aug 13 16:21:44 IST 2004


<x-flowed>
Hi All,

MailScanner-4.31.6
Sendmail 8.13.0
Solaris 2.9

I've been using Sophos, but have also just installed ClamAV 0.75 and am
having the Oversized Zip problem.  There are a few past threads in the
list concerning this in older version of ClamAV.   With 0.75, there is
an option in clamav.conf, which is supposed to take care of the problem:

    # Mark potential archive bombs as viruses (0 disables the limit)
    ArchiveMaxCompressionRatio 200

When I set this to "0" the files is still found to have Oversized Zip.

Before I write to the Clam list, I'll ask here...does MailScanner use
clamav.conf?  I think not, since moving clamav.conf out of the way
doesn't break anything else.

I've also uncommented the following line in lib/clamav-wrapper, with no
effect:

# Uncomment next line if you need to disable Clam's DoS protection
ExtraScanOptions="--max-files=0 --max-space=0 --max-recursion=0
$ExtraScanOptions"

Here is the output of a test

$ /opt/MailScanner/lib/clamav-wrapper /usr/local "13-aug-2004 08-25.pra"

/var/spool/MailScanner/quarantine/20040813/i7D6d02E026595/13-aug-2004
08-25.pra: Oversized.Zip FOUND

----------- SCAN SUMMARY -----------
Known viruses: 23388
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 4.645 sec (0 m 4 s)


Can anybody clue me into how I can stop the ClamAV checks that find
"Oversized.Zip FOUND"

Thanks,

Dustin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list