We recently upgraded to clam 91.2 on our mail servers, and since then we are seeing an increase in warning messages in our logs: "WARNING: not scanned; untested big block size - please report". We used to get only one or two of these a day, but are now getting it every few minutes.

As I understand it from looking at the code in ole2_extract.c, clam will skip files containing ole2 header values for "big block size" not equal to 9 (512 = 2^9). (This was apparently to stop it from segfaulting when scanning files with 'bad' block sizes?) I have compared the source to older versions, and I see that the value that is skipped is still hard coded as 9.

Has anything else changed in clam regarding ole2, or is this just a coincidence? Are our users maybe just sending more mails containing ole2 extensions that clam can't scan?

Regards,
Eric Kruse
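
The check described in the message above, as an added example that is not part of the original post and is not ClamAV's code: a small triage tool that reads the "big block size" exponent from a file's OLE2 header and reports whether the file would be scanned (exponent 9) or skipped. The function names are hypothetical, and the header offset (30) is taken from the published compound file layout, not from ole2_extract.c.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ole2_verdict { NOT_OLE2 = 0, SCANNED, SKIPPED };

static const uint8_t OLE2_MAGIC[8] = {0xD0,0xCF,0x11,0xE0,0xA1,0xB1,0x1A,0xE1};

/* Little-endian 16-bit read, independent of host byte order. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Classify a file from its first bytes. For OLE2 input, *shift receives the
 * "big block size" exponent (assumed at header offset 30). Only exponent 9
 * (512 bytes) counts as scannable, matching the behaviour the post describes. */
enum ole2_verdict ole2_check(const uint8_t *buf, size_t len, uint16_t *shift)
{
    *shift = 0;
    if (len < 32 || memcmp(buf, OLE2_MAGIC, sizeof OLE2_MAGIC) != 0)
        return NOT_OLE2;               /* truncated or not a compound file */
    *shift = le16(buf + 30);
    return *shift == 9 ? SCANNED : SKIPPED;
}

/* Block size in bytes, or 0 when the exponent is too large to shift safely
 * (a corrupt or hostile header must not drive the arithmetic). */
unsigned long ole2_block_size(uint16_t shift)
{
    return shift < 31 ? 1UL << shift : 0;
}

/* Constructed sample header: magic plus the chosen exponent, rest zeroed. */
void make_header(uint8_t out[32], uint16_t shift)
{
    memset(out, 0, 32);
    memcpy(out, OLE2_MAGIC, sizeof OLE2_MAGIC);
    out[30] = (uint8_t)(shift & 0xFF);
    out[31] = (uint8_t)(shift >> 8);
}

/* Usage: ./ole2shift file...   Reports each file's verdict and block size. */
int main(int argc, char **argv)
{
    static const char *names[] = {"not OLE2", "scanned", "skipped"};
    for (int i = 1; i < argc; i++) {
        uint8_t buf[32]; uint16_t shift; size_t n = 0;
        FILE *f = fopen(argv[i], "rb");
        if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
        enum ole2_verdict v = ole2_check(buf, n, &shift);
        printf("%s: %s, shift=%u, block=%lu\n", argv[i], names[v],
               (unsigned)shift, ole2_block_size(shift));
    }
    return 0;
}
```

Running it over attachments that triggered the warning shows which exponents are arriving, which helps tell a change in the mail mix apart from a change in scanner behaviour.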