> On Fri, 28 Nov 2003 at 21:24:43 -0800, Chris Paul wrote: > > On Fri, 28 Nov 2003 18:24:02 +0100 > > Tomasz Papszun <[EMAIL PROTECTED]> wrote: > > > > > I have also seen stopped .doc files compressed with ratio 236. > > > And .dbf files with ratio 1101. Also, .wav files with ratio 1182. > > > > > > Users send quite strange things. So an admin may be forced to set > > > ZIPOSDET for some big value. > > > > > > I think that this parameter should be made runtime configurable (in > > > clamav.conf). Not every site compiles Clamav on its own. > > > > You only get this kind of full disclosure with an Open Source virus > > scanner. Thanks for that. > > > > Now I may have missed something, but I'm wondering what is the harm of > > setting it to 1500 or to 2000? Just to make sure to catch everything. > > > > Setting it to a very big value would cause catching "mail-bombs" also. > I.e., it would make you vulnerable to denial of service attacks based on > sending little .zip files but containing very big files inside (which > would be uncompressed for scanning, wasting huge amounts of system > resources). > > Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
The right solution is to decompress files block-by-block, and scanning only that block, like it is done for reading and scanning file from a descriptor. But this requires direct integration of unzip and scan code. I know that is possible with zlib (.gz) library. Don't know anything about zzip or any other zip decompressing code. ---------- Tomasz Klim, [EMAIL PROTECTED] http://www.euroneto.pl Phone: +48 61 8433535 Fax: +48 61 8434455 Euronet Sp. z o.o., Dabrowskiego 81/85, 60-529 Poznan, Poland ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
