ClamAV ||

Charles Lacroix clacroix at
Tue Nov 21 15:32:50 GMT 2006

On Tuesday 21 November 2006 10:11, Erik van der Leun wrote:
> Hi,
> A ClamAV feature to protect against DoS alike attacks checking filesizes
> and such
> in zipfiles, creates this message, causing attachments to end up in the
> quarantine,
> although all other scanners claim the attachment is harmless...
> # clamscan
> Oversized.Zip FOUND
> I've googled bits and pieces together and am pretty sure it's a flaw in
> ClamAV.
> Some dubious solutions are presented, by hacking sourcecode of
> libclamav, but
> I've decided to disable clamav for a while (on certain servers that is).
> If anybody's got better advice, I'd be grateful :)
> Kind regards,
> Erik van der Leun


i would check this in clamd.conf

# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. 
# Value of 0 disables the limit.
# Default: 250
#ArchiveMaxCompressionRatio 300

Just bump it up enough to get your file to scan correctly or diable it. 

Charles Lacroix, Administrateur UNIX.
Service des télécommunications et des technologies
Cégep de Sainte-Foy
(418) 659-6600 # 4266

More information about the MailScanner mailing list