On Wednesday 16 February 2005 17:34, Nigel Horne shaped the electrons to say: > On Wednesday 16 Feb 2005 15:15, Scott Ryan wrote: > > On Wednesday 16 February 2005 16:26, Nigel Horne shaped the electrons to say: > > > On Wednesday 16 Feb 2005 14:18, Ted Fines wrote: > > > > FOUR MINUTES, 13 SECONDS for an 800k email. > > > > > > Look at the file again. It is NOT an 800k mail. It is over 200 emails > > > embedded within each other. By definition the largest message is about > > > 800K and the smallest is about 1K give or take, giving an average of > > > 400K (don't worry if the maths isn't too accurate). So thats about > > > 200x400K = c.80Mb. 0.80 didn't scan it properly and would have let a > > > virus through, 0.83 fixes that bug. > > > > My dillema is now this, we cannot upgrade to any version above 0.80 due > > to oversized mails potentially causing a DOS. What functionality am I > > missing out on (in a nutshell) by running 0.80? > > Are there many viruses that I will not be able to catch? > > I have seen this in the field, indeed the scans were added as the result of > a bug report. It's your decision on what to do.
I will just have to allow these types of mails to go unscanned. Four minutes to scan 1 will cause a DOS. Would it be possible to request that some kind of recursion limit be added here like there currently is on zip files? Just a thought... > > > Is there potentially a work around for these types of mails? > > > > regards -- Scott Ryan Telkom Internet _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
