Archive nested too deeply
Pravin Rane
pravin.rane at gmail.com
Sun Jul 23 07:01:38 IST 2006
Which virus scanner you are using? If it is clamav then check for
ArchiveMaxRecursion
in /etc/clamd.conf
I am just guessing this could be a problem. Its not bad to give it a try.
On 7/21/06, David Nalley <davidn at keymarkinc.com> wrote:
>
> >
> > My main query, I guess is that:
> >
> > Jul 21 14:27:58 postbox MailScanner[21712]: Files hidden in
> > very deeply nested archive in E084A13FB1A.22FE1
> >
> > doesn't really give me a hint as to whether I should be
> > changing the setting to 0/disabling it, or whether 5, 50 or
> > 500 will be better.
> >
> I think the issue is that if you allow it to unzip continuously it could
> lead to a situation where the virus scanner would time out and then pass
> on a potentially harmful attachment. In addition it would burn CPU
> cycles.
>
> Realistically, I think that you could open the zip files (assuming that
> they are legitimate) and determine depth and use depth+n to make it a
> non-issue. Unfortunately I don't really see a way of gunzip telling how
> deeply nested the file is, other than it is nested at least once more
> than the limit specified, and thus it has no way of giving you a hint.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
--
Regards
Pravin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060723/cc662f34/attachment.html
More information about the MailScanner
mailing list