ClamAV and 'Oversized Zip' problem

Peter Bates Peter.Bates at lshtm.ac.uk
Fri Jan 12 16:49:04 CET 2007


Hello all...

As far as I can see, this start happening about noon today.

Also apologies for it not being strictly a MailScanner problem.

Some zipfiles (possibly all, I haven't tested personally)
are being caught by the ClamAV-module as follows:

Quarantine: /var/spool/MailScanner/quarantine/20070112/9E4E7140314.1B7BB
    Report: ClamAV Module: STATA_files_2007-01-06.zip was infected: Oversized.Zip

# clamscan -V
ClamAV 0.88.7/2437/Thu Jan 11 23:59:09 2007
# clamscan -v STATA_files_2007-01-06.zip
Scanning STATA_files_2007-01-06.zip
STATA_files_2007-01-06.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 192337
Engine version: 0.88.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 20.59 MB
Time: 36.957 sec (0 m 36 s)

Yes, I know it's slow, it's a busy box with various sanesecurity and MSRBL additional definitions loaded.

However, it's clear ClamAV Module is identifying Zip files today as 'Oversized.Zip'
but the command line is okay.

This is MailScanner 4.56.8, with postfix as the MTA. Mail::ClamAV is 0.17.

Are there some settings for the ClamAV module or defaults it is picking up that might be causing this?

Any suggestions gratefully received before I start trying to talk to ClamAV developers.


-- 

--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, IT Services.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838 



More information about the MailScanner mailing list