Oversized zip?

Peter Bonivart peter at UCGBOOK.COM
Fri Nov 26 20:18:09 GMT 2004

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Fractal IT Dept. wrote:
> Hi everyone,
> One of our clients is complaining that when they zip documents and send
> them through our server, the file never arrives. After doing some
> investigation on my end, I see that the file is quarantined with a
> message saying "Report v11.zip contains Oversized Zip" and has been
> identified as "infected". According to the company, it looks like the
> file is just a quark document that has been zipped, so it's unlikely
> it's actually infected with anything.

Are you using Clam? Most virus scanners protect themselves from the "zip
of death", an archive that unpacks to a huge size. Clam calls it
Oversized.Zip but it's not actually a virus but a DOS attempt.

Some clean files can trigger this, like BMP image files compress very
well and it's usually the compression ratio that is used to determine this.

/Peter Bonivart

--Unix lovers do it in the Sun

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list