-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ted Fines wrote: > --On Thursday, February 17, 2005 3:38 PM +0000 Nigel Horne > <[EMAIL PROTECTED]> wrote: > >> On Thursday 17 Feb 2005 15:07, Tomasz Kojm wrote: >> >>> On Thu, 17 Feb 2005 11:50:11 +0000 (GMT) >>> Andy Fiddaman <[EMAIL PROTECTED]> wrote: >>> >>> > Kind of.. there's a limit for how many times the mail scanner is >>> > invoked, (such as for a message with zip containing message containing >>> > zip containing message...), but not for mime recursion.. i.e. >>> > parseEmailBody recurses through embedded MIME parts with no recursion >>> > checking. >>> >>> I can't help you here as my knowledge on a mail structure is very >>> limited. That limit and its implementation will have to be discussed >>> with Nigel. >> >> >> The recursive blocking was taken out some time ago after a LOT of >> pressure >> in this list and through personal emails (there used to be a hardcoded >> limit of 10 recursions). >> >> I am not about to start that argument again since it is the usual case of >> clamAV developers are damned if we do and damned if we don't. > > > > I am not getting something here. By recursive 'blocking' do you mean a > limit on recursion (that's how I read it) or something else? Tomasz > seemed to indicate in a previous email that there is an email recursion > limit set in Clam: > > ; There's already a recursion limit for mail scanning but it's not > ; configurable (yet). > > and > > libclamav/scanners.c:#define MAX_MAIL_RECURSION 15 > > I'm not trying to start any argument, either. Just trying to understand > how Clam actually works, given what appear to me to be two contradictory > statements. > > I get that the previous 800k email I mentioned is actually 200 nested > emails. You are right about that and I missed it. But if there is a > recursion limit of 15, and let's even say Clam looks at the 15 biggest > ones first, so they're all about 800. That should still mean Clam would > only need several seconds to scan through the first 15, then quit. But > it doesn't. It takes much, much longer. > > That's where I'm coming from. If mail recursion has a max setting, why > does it take so long? If it doesn't have one, what was Tomasz talking > about?
In my opinion after reaching (configurable and disabled by default) max recursion limit clamav should return with error (or virus name?) Oversized.Mail (or something like this). Regards Boguslaw Brandys -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCFyvftuGICzHOh+YRAvzlAJ939yqTXviXsWYwFVjeTkdBdzNJMQCggUyG XiiiB8PnF9Oxc6gRCL1IKR8= =Nanq -----END PGP SIGNATURE----- _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
