ClamAV || Oversized.zip
Ugo Bellavance
ugob at camo-route.com
Tue Nov 21 20:52:35 GMT 2006
Erik van der Leun wrote:
> Charles Lacroix wrote:
>> On Tuesday 21 November 2006 10:11, Erik van der Leun wrote:
>>
>>> Hi,
>>>
>>> A ClamAV feature to protect against DoS alike attacks checking filesizes
>>> and such
>>> in zipfiles, creates this message, causing attachments to end up in the
>>> quarantine,
>>> although all other scanners claim the attachment is harmless...
>>>
>>> # clamscan test.zip
>>> test.zip: Oversized.Zip FOUND
>>>
>>> I've googled bits and pieces together and am pretty sure it's a flaw in
>>> ClamAV.
>>> Some dubious solutions are presented, by hacking sourcecode of
>>> libclamav, but
>>> I've decided to disable clamav for a while (on certain servers that is).
>>>
>>> If anybody's got better advice, I'd be grateful :)
>>>
>>> Kind regards,
>>> Erik van der Leun
>>>
>>
>> Hi,
>>
>> i would check this in clamd.conf
>>
>>
>> # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
>> # times it will be marked as a virus (Oversized.ArchiveType, e.g.
>> Oversized.Zip)
>> # Value of 0 disables the limit.
>> # Default: 250
>> #ArchiveMaxCompressionRatio 300
>>
>> Just bump it up enough to get your file to scan correctly or diable it.
>>
>>
> Sorry for bothering y'all :)
> using --max-ratio within MailScanner does what I hoped for :)
>
> Thanks for thinking along though
>
Could you explain in what file you made your change? clamav-wrapper?
How did you set the option exactly?
More information about the MailScanner
mailing list