ClamAV || Oversized.zip
Peter Peters
P.G.M.Peters at utwente.nl
Wed Nov 22 14:49:22 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Erik van der Leun wrote on 21-11-2006 16:11:
> Hi,
>
> A ClamAV feature to protect against DoS alike attacks checking filesizes
> and such
> in zipfiles, creates this message, causing attachments to end up in the
> quarantine,
> although all other scanners claim the attachment is harmless...
>
> # clamscan test.zip
> test.zip: Oversized.Zip FOUND
I have seen this happen today too. To bad it was because a customer got
a message stating the file was quarantined. It turned out it wasn't.
As far as I can see it happens with these two configuration settings:
Quarantine Infections = yes
Quarantine Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Oversized Phishing
- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFZGNyelLo80lrIdIRAnWjAJwLZlK/R5Hwsbmk4jAZ3WH5GCDRLACfeB2S
C6CdZPVdexcA6Ue2mSoghLk=
=zur7
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list