On Fri, 28 Nov 2003 at 21:24:43 -0800, Chris Paul wrote:
> On Fri, 28 Nov 2003 18:24:02 +0100
> Tomasz Papszun <[EMAIL PROTECTED]> wrote:
> 
> > I have also seen stopped .doc files compressed with ratio 236.
> > And .dbf files with ratio 1101. Also, .wav files with ratio 1182. 
> > 
> > Users send quite strange things. So an admin may be forced to set
> > ZIPOSDET to some big value.
> > 
> > I think that this parameter should be made runtime configurable (in
> > clamav.conf). Not every site compiles ClamAV on its own.
> 
> You only get this kind of full disclosure with an Open Source virus
> scanner. Thanks for that.
> 
> Now I may have missed something, but I'm wondering what is the harm of
> setting it to 1500 or to 2000? Just to make sure to catch everything.
> 

Setting it to a very big value would cause catching "mail-bombs" also.
I.e., it would make you vulnerable to denial of service attacks based on
sending little .zip files but containing very big files inside (which
would be uncompressed for scanning, wasting huge amounts of system
resources).

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner
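
The trade-off discussed in this message, as an added example that is not part of the original e-mail and is not ClamAV's code: a ZIP pre-check that applies a compression-ratio limit and, independently, a hard cap on bytes decompressed per member. The function names, thresholds and sample archive are constructed for illustration.

```python
import io
import zipfile

def build_sample() -> bytes:
    """Constructed sample: one ordinary member and one 2 MiB run of zeros."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", "Quarterly report attached.\n")
        zf.writestr("zeros.dbf", bytes(2 * 1024 * 1024))
    return buf.getvalue()

def bounded_size(zf, info, max_bytes, chunk=64 * 1024):
    """Decompress in chunks and stop as soon as max_bytes is exceeded, so the
    cost of one member stays bounded whatever ratio limit is configured."""
    total = 0
    with zf.open(info) as fh:
        while total <= max_bytes:
            block = fh.read(chunk)
            if not block:
                break
            total += len(block)
    return total

def check_archive(data, max_ratio, max_bytes):
    """Return (name, reason) for each member that should not be unpacked."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Ratio from the sizes recorded in the archive, no decompression yet.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                findings.append((info.filename, "ratio"))
            elif bounded_size(zf, info, max_bytes) > max_bytes:
                findings.append((info.filename, "size"))
    return findings

if __name__ == "__main__":
    sample = build_sample()
    # A low ratio limit stops the zero-filled member early; a high one lets it
    # through to decompression, where only the byte cap still stops it.
    for limit in (200, 2000):
        print(limit, check_archive(sample, max_ratio=limit, max_bytes=1024 * 1024))
```

With the ratio limit raised to 2000, the zero-filled member is only stopped by the byte cap, which is the resource cost the message warns about when the limit is set very high.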

