DOS and Oversized Zip
mailscan at PRIS.CA
Wed Feb 25 17:06:53 GMT 2004
On Mon, 23 Feb 2004, Kevin Spicer wrote:
> On Mon, 2004-02-23 at 18:11, MailScanner Mailbox wrote:
> > Anyways, there is some info I googled that mentions editing the scanners.c
> > file (specifically "ZIPOSDET") to increase the value. I don't see that
> > option available in clamav 0.67 so perhaps it is something I can set
> > within the mailscanner config file?
> > I have confirmed that the file being sent is a zip file containing 3 txt
> > files (one of them is 5mb) and it compresses down to 220kb.
> I think you'll find this is now configurable in clamav.conf
Right you are, I think......
I have had a look at the clamav.conf file and the man page clamav.conf.5
and the only thing I can see that might be it is "ArchiveMaxFileSize SIZE"
this defaults to 10mb. Does this mean that if a file is over 10mb it won't
be scanned or that MS will mark it as an oversized zip?
Or.... am I even looking at the right option, I am still getting more
"Denial of Service attack in message!" messages then I should be.
More information about the MailScanner