ClamAV || Oversized.zip

Peter Peters P.G.M.Peters at utwente.nl
Wed Nov 22 14:49:22 GMT 2006


Erik van der Leun wrote on 21-11-2006 16:11:
> Hi,
> 
> A ClamAV feature to protect against DoS-like attacks checking filesizes
> and such in zipfiles, creates this message, causing attachments to end up
> in the quarantine, although all other scanners claim the attachment is
> harmless...
> 
> # clamscan test.zip
> test.zip: Oversized.Zip FOUND

I have seen this happen today too. Too bad it was because a customer got
a message stating the file was quarantined. It turned out it wasn't.

As far as I can see it happens with these two configuration settings:
Quarantine Infections = yes
Quarantine Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Oversized Phishing

--
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe