ClamAV || Oversized.zip
Erik van der Leun
evanderleun at hal9000.nl
Tue Nov 21 15:44:04 GMT 2006
Charles Lacroix wrote:
> On Tuesday 21 November 2006 10:11, Erik van der Leun wrote:
>> A ClamAV feature to protect against DoS alike attacks checking filesizes
>> and such
>> in zipfiles, creates this message, causing attachments to end up in the
>> although all other scanners claim the attachment is harmless...
>> # clamscan test.zip
>> test.zip: Oversized.Zip FOUND
>> I've googled bits and pieces together and am pretty sure it's a flaw in
>> Some dubious solutions are presented, by hacking sourcecode of
>> libclamav, but
>> I've decided to disable clamav for a while (on certain servers that is).
>> If anybody's got better advice, I'd be grateful :)
>> Kind regards,
>> Erik van der Leun
> i would check this in clamd.conf
> # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
> # times it will be marked as a virus (Oversized.ArchiveType, e.g.
> # Value of 0 disables the limit.
> # Default: 250
> #ArchiveMaxCompressionRatio 300
> Just bump it up enough to get your file to scan correctly or diable it.
Oops, sorry, should have told that...
I disabled the setting by setting it to 0
and it didn't make any difference..
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner