ClamAV || Oversized.zip

Charles Lacroix clacroix at cegep-ste-foy.qc.ca
Tue Nov 21 15:32:50 GMT 2006


On Tuesday 21 November 2006 10:11, Erik van der Leun wrote:
> Hi,
>
> A ClamAV feature to protect against DoS-like attacks checking file sizes and such
> in zip files, creates this message, causing attachments to end up in the quarantine,
> although all other scanners claim the attachment is harmless...
>
> # clamscan test.zip
> test.zip: Oversized.Zip FOUND
>
> I've googled bits and pieces together and am pretty sure it's a flaw in ClamAV.
> Some dubious solutions are presented, by hacking source code of libclamav, but
> I've decided to disable clamav for a while (on certain servers that is).
>
> If anybody's got better advice, I'd be grateful :)
>
> Kind regards,
> Erik van der Leun

Hi,

I would check this in clamd.conf:


# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
#ArchiveMaxCompressionRatio 300

Just bump it up enough to get your file to scan correctly or disable it.

-- 
Charles Lacroix, Administrateur UNIX.
Service des télécommunications et des technologies
Cégep de Sainte-Foy
(418) 659-6600 # 4266
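
An added example, not part of the original message: a small Python script that lists the per-member compression ratio of a zip file, so a value for ArchiveMaxCompressionRatio can be chosen from the quarantined attachment's real ratio. It assumes the ratio is uncompressed size divided by compressed size as recorded in the zip headers (ClamAV's own calculation may differ); the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile


def member_ratios(zip_bytes):
    """Return {member name: uncompressed size / compressed size}."""
    ratios = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.compress_size == 0:
                # Empty member or size not recorded; avoid division by zero.
                ratios[info.filename] = 0.0 if info.file_size == 0 else float("inf")
            else:
                ratios[info.filename] = info.file_size / info.compress_size
    return ratios


def over_limit(zip_bytes, max_ratio=250):
    """Members whose ratio exceeds max_ratio; 0 disables the check,
    mirroring the clamd.conf comment (assumed comparison: strictly greater)."""
    if max_ratio == 0:
        return {}
    return {n: r for n, r in member_ratios(zip_bytes).items() if r > max_ratio}


def build_sample():
    """Constructed sample: one highly compressible member, one ordinary one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # A legitimate but very repetitive file, e.g. a padded export.
        zf.writestr("padded-export.csv", b"0" * 1_000_000)
        zf.writestr("readme.txt", b"quarterly figures attached\n" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    for name, ratio in sorted(member_ratios(sample).items()):
        print(f"{name}: {ratio:.0f}x")
    print("flagged at 250:", sorted(over_limit(sample, 250)))
```

To check a real attachment, pass `open("test.zip", "rb").read()` to `member_ratios` and set the limit just above the largest ratio reported for files known to be legitimate.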


More information about the MailScanner mailing list