On Thu, 12 Aug 2004, Tomasz Kojm wrote: > On Thu, 12 Aug 2004 <[EMAIL PROTECTED]> wrote: > > I need to increase the ArchiveMaxCompressionRatio in clamscan as I > > have had a few zips being incorrectly identified as oversized zips. > > > > I first increased the ArchiveMaxCompressionRatio in clamav.conf but > > the zip file was still incorrectly identified. From reading the > > changelog it looks like that the ArchiveMaxCompressionRatio in > > clamav.conf is only applicable to clamd and not clamscan, is this > > assumption correct? If this is correct how do I increase the ratio in > > clamscan. > > Please use the --max-ratio option of clamscan (unfortunately it's not > listed in --help in stable versions).
I submitted a report yesterday about what looks like a bug in the calculation of max-ratio. Doesn't seem to happen on all files, but I have one that triggers it. Info about my file: blowfish# du -h 0704mm.zip unzipped/ 152K 0704mm.zip 1.7M unzipped/ So a --max-ratio of 12 should be sufficient (right?), but isn't. Even a --max-ratio of 93 isn't sufficient. The file isn't scanned correctly until --max-ratio is 94 or above. Testing with files I've *generated* that are compressible to certain ratios, clam appears to Do The Right Thing. Perhaps my file, and Dean's files, are broken in some interesting way? #clamscan -V clamscan / ClamAV version devel-20040811 blowfish# clamscan --max-ratio 12 0704mm.zip 0704mm.zip: Oversized.Zip FOUND blowfish# clamscan --max-ratio 13 0704mm.zip 0704mm.zip: Oversized.Zip FOUND blowfish# clamscan --max-ratio 93 0704mm.zip 0704mm.zip: Oversized.Zip FOUND blowfish# clamscan --max-ratio 94 0704mm.zip 0704mm.zip: OK I reported yesterday that this file was scanned correctly by 0.75.1, but I think I was mistaken: blowfish# clamscan -V clamscan / ClamAV version 0.75.1 blowfish# clamscan --max-ratio 93 0704mm.zip 0704mm.zip: Oversized.Zip FOUND blowfish# clamscan --max-ratio 94 0704mm.zip 0704mm.zip: OK Perhaps I just mis-understand what argument --max-ratio expects? -- Charlie Watts Brainstorm Internet 970 247-1442 x113 [EMAIL PROTECTED] http://www.brainstorminternet.net/ ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
