Using the lastest (Windows / Cygwin) snapshot available from Clamav.or.id dated 3/10/2005, clamscan is reporting that it found the virus Oversized.Zip
clamscan --help shows a --block-max switch which I'm not using. I'm not sure what limits its talking about either.
The zip file is 2MB in size. How can I get clamscan to quit flagging this file?
From man clamscan: --block-max Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) if max-files, max-space, or max-recur- sion is reached. --max-recursion=#n Set archive recursion level limit. This option protects your system against DoS attacks (default: 8).
--max-ratio=#n
Set maximum archive compression ratio limit. This option pro-
tects your system against DoS attacks (default: 250).So you can use --max-recursion=? and --max-ratio=?; play with the values and see if you can get through.
BTW your zip archive is not typical, it may be a real DoS attempt, for example here's a result with an ordinary (4.4M) zip file using Cygwin's own version of clamav-0.83:
$ clamscan xlsql-Y7.zip xlsql-Y7.zip: OK
----------- SCAN SUMMARY ----------- Known viruses: 31549 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 13.49 MB I/O buffer size: 131072 bytes Time: 13.965 sec (0 m 13 s)
Don't mind about the time, my CPU is at 100% compiling gcc right now. -- René Berber
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
