ClamAV || Oversized.zip

Erik van der Leun evanderleun at hal9000.nl
Tue Nov 21 15:56:36 GMT 2006


Charles Lacroix wrote:
> On Tuesday 21 November 2006 10:11, Erik van der Leun wrote:
>   
>> Hi,
>>
>> A ClamAV feature to protect against DoS alike attacks checking filesizes
>> and such
>> in zipfiles, creates this message, causing attachments to end up in the
>> quarantine,
>> although all other scanners claim the attachment is harmless...
>>
>> # clamscan test.zip
>> test.zip: Oversized.Zip FOUND
>>
>> I've googled bits and pieces together and am pretty sure it's a flaw in
>> ClamAV.
>> Some dubious solutions are presented, by hacking sourcecode of
>> libclamav, but
>> I've decided to disable clamav for a while (on certain servers that is).
>>
>> If anybody's got better advice, I'd be grateful :)
>>
>> Kind regards,
>> Erik van der Leun
>>     
>
> Hi,
>
> i would check this in clamd.conf
>
>
> # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
> # times it will be marked as a virus (Oversized.ArchiveType, e.g. 
> Oversized.Zip)
> # Value of 0 disables the limit.
> # Default: 250
> #ArchiveMaxCompressionRatio 300
>
> Just bump it up enough to get your file to scan correctly or diable it. 
>
>   
Sorry for bothering y'all :)
using --max-ratio within MailScanner does what I hoped for :)

Thanks for thinking along though
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061121/39487f94/attachment.html


More information about the MailScanner mailing list