Gianluigi Tiesi wrote: > There is a reason if we (clamwin) changed this, we still prefer to skip > unknown files, and we don't need to care much about html and mail > files, so I've made some tweaks (not only this one) to save some > cpu cycles avoiding scan of unneeded files. > I'm aware that for a mail server scanner it's not the correct approach, > so in fact my post was only a "comment", it was never intended to > be in clamav tree. > A scan of a real pc hd can take ages, clamscan without any change > scans large avi files in raw mode (there is only a specific check for > anim riffs), other media files and e.g. iso files are also scanned in > raw mode. > 10-20gb of media/iso is not uncommon to find in a user pc, while > they are very unlikely to be in a mail. > Perhaps linux doesn't need itself to have a scanner for executable files > (linux but also the other unixes).
Long ago we started implementing a list of types which are always considered not harmful. Unfortunately it seems that no file type is currently safe by default as demonstrated by the gif and jpeg exploits. Maybe we should now handle safe_by_default filetypes via DCONF, so, in case an exploit (for i.e. image/png) comes out we are able to scan it anyway? _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
