ClamAVModule and csv files in zip files

Scott Silva ssilva at sgvwater.com
Mon Apr 9 16:04:12 IST 2007


Mick spake the following on 4/9/2007 3:55 AM:
> Hello.
> 
> I am currently running MailScanner which uses the clamavmodule.  The
> other day, I received 4 emails from ad-noreply at google.com and each of
> these emails has a )non-password protected) zip file and contained
> within each zip file was a file called report.csv.  However, MailScanner
> quarantined them even though clamscan reports that none of the zip files
> are infected.  Placing ad-no-reply at google.com in
> /etc/MailScanner/rules/virus-scan.rules results in those zip files as
> sent from ad-noreply at google.com now passing through unscanned but why
> were the files quarantined in the first place when clamscan says that
> they're uninfected?
> 
> Thanks,
> Mick.
Did it say that they were password protected?
Clamavmodule can also choke if they are over it's stated limit on how
compressed the file is.
Look in this area of conf;

# ClamAVModule only: set limits when scanning for viruses.
#
# The maximum recursion level of archives,
# The maximum number of files per batch,
# The maximum file of each file,
# The maximum compression ratio of archive.
# These settings *cannot* be the filename of a ruleset, only a simple number.
ClamAVmodule Maximum Recursion Level = 10
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Compression Ratio = 950

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!



More information about the MailScanner mailing list