Hi,

When any of MaxScanSize, MaxFileSize or MaxRecursion is exceeded,
clamd returns OK instead of an error message.

But if MaxFiles is exceeded, "Files number limit exceeded ERROR"
is returned.

This is the same in 0.91.2 and 0.93 and appears to be a bug.

However in 0.91.2, ArchiveBlockMax could be set and the offending files
detected as viruses as a workaround.

We'd like to detect these files as they could be compression bombs
or archives containing viruses and in any case are likely to impact on
the performance of mail servers doing virus scanning using clamav.

The bug appears to be in places like the following from
0.91.2 libclamav/scanners.c:

     if(SCAN_ARCHIVE && ctx->limits && ctx->limits->maxreclevel)
         if(ctx->arec > ctx->limits->maxreclevel) {
             cli_dbgmsg("Archive recursion limit exceeded (arec == %u).\n",
                        ctx->arec);
             if(BLOCKMAX) {
                 *ctx->virname = "Archive.ExceededRecursionLimit";
                 return CL_VIRUS;
             }
             return CL_CLEAN;
         }


In 0.93 the if(BLOCKMAX) part is deleted.

I think that CL_EMAXREC ("Recursion limit exceeded")
should be returned and not CL_CLEAN.


--
David Shrimpton
University of Qld
Brisbane Australia
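
Added example (not part of the original post and not ClamAV code): a small C model of the recursion check quoted above, showing that a signature-matching file nested below the limit is reported clean when the check returns CL_CLEAN and is surfaced when it returns CL_EMAXREC. The struct names, `scan_nested`, the `error_on_limit` switch and the enum values are assumptions made for this model.

```c
#include <stddef.h>
#include <stdio.h>

/* Names follow the post; the numeric values are local to this model. */
enum { CL_CLEAN = 0, CL_VIRUS = 1, CL_EMAXREC = 2 };

struct node {                  /* constructed stand-in for an archive member */
    const struct node *inner;  /* nested archive, or NULL for a leaf file */
    int malicious;             /* leaf matches a signature */
};

struct limits { unsigned maxreclevel; int error_on_limit; };

static int scan(const struct node *n, unsigned arec, const struct limits *lim)
{
    if (lim->maxreclevel && arec > lim->maxreclevel) {
        /* error_on_limit == 0: give up and report clean, as the post describes.
         * error_on_limit == 1: surface the limit, as the post proposes. */
        return lim->error_on_limit ? CL_EMAXREC : CL_CLEAN;
    }
    if (n->inner == NULL)
        return n->malicious ? CL_VIRUS : CL_CLEAN;
    return scan(n->inner, arec + 1, lim);   /* non-clean results propagate up */
}

/* Wrap one leaf in `depth` nested archives (constructed input) and scan it. */
int scan_nested(unsigned depth, int malicious, unsigned maxreclevel, int error_on_limit)
{
    struct node nodes[64];
    struct limits lim = { maxreclevel, error_on_limit };
    unsigned i;

    if (depth >= 64)
        return -1;
    for (i = 0; i < depth; i++) {
        nodes[i].inner = &nodes[i + 1];
        nodes[i].malicious = 0;
    }
    nodes[depth].inner = NULL;
    nodes[depth].malicious = malicious;
    return scan(&nodes[0], 0, &lim);
}

int main(void)
{
    printf("depth 5, limit 3, return clean on limit: %d\n", scan_nested(5, 1, 3, 0));
    printf("depth 5, limit 3, return error on limit: %d\n", scan_nested(5, 1, 3, 1));
    printf("depth 2, limit 3, within limit:          %d\n", scan_nested(2, 1, 3, 1));
    return 0;
}
```

A caller that maps only CL_VIRUS to a block decision cannot tell the first case from a fully scanned clean file; with a distinct error code it can quarantine or defer the message instead.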