On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> Alexandre Biancalana wrote:
> > On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> >> fchan wrote:
> >> > I read your links and I understand possible DoS and other issues but
> >> > to repeat Alexandre's idea, why is there no error message for files
> >> > that are too large to notify the admin so they can adjust clamd.conf
> >> > or other action. Right now this infected file passes through like if
> >> > it was not infected which would be dangerous under certain conditions.
> >> > IMHO this file shouldn't pass through clamav without any error message.
> >> >
> >> > Frank
> >>
> >>
> >> What would the error message say? There was no error in my view. The
> >> file was larger than what the OP was willing to test so it was not
> >> tested (if I understand it correctly). As such it is accepted at risk.
> >> It is the OP's job to decide what else to do with files that are
> >> accepted at risk. That may require yet another milter or other process
> >> spawned by procmail, for example.
> >
> > Could not be an error message, just a warning, an informative message,
> > saying that the file was not scanned and not that the file is
> > clean....
> >
> > In this case I'm using clamav on a file server to scan user files not
> > emails...
>
> Doesn't matter - if you tell clamav to ignore certain files you are then
> obliged to use another method to test those files or ignore them. It
> would be rather trivial to write a script that finds large files and
> takes an action on them, but if you're going to scan them, then why
> prevent clamav from scanning them in the first place?

Forget... my point was just to have a more intuitive and clear message saying exactly what happened instead of saying that the file is clean if it's not.
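An added example, not part of the original thread and not ClamAV's own code: a sketch of the kind of script Dennis mentions, which reads `MaxFileSize` from clamd.conf text and lists the files above it so they can be reported as "not scanned" rather than treated as clean. It assumes `MaxFileSize` is the only limit in play (other limits such as `MaxScanSize` are ignored); the function names, sample config and file names are constructed for illustration.

```python
import os
import re
import tempfile

_UNITS = {"": 1, "K": 1024, "M": 1024 ** 2}

def parse_max_file_size(conf_text):
    """Return MaxFileSize from clamd.conf text in bytes, or None if unset."""
    limit = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.fullmatch(r"MaxFileSize\s+(\d+)([KkMm]?)", line)
        if m:
            limit = int(m.group(1)) * _UNITS[m.group(2).upper()]
    return limit

def unscanned_files(root, limit):
    """List (path, size) of regular files under root larger than limit."""
    if not limit:          # None (caller has no value) or 0 (limit disabled)
        return []
    skipped = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path):
                    continue
                size = os.path.getsize(path)
            except OSError:
                continue   # file vanished or is unreadable
            if size > limit:
                skipped.append((path, size))
    return sorted(skipped)

def demo():
    """Run against a constructed config and two constructed files."""
    conf = "# constructed sample clamd.conf\nMaxFileSize 1K\n"
    limit = parse_max_file_size(conf)
    with tempfile.TemporaryDirectory() as root:
        for name, size in (("small.bin", 100), ("big.bin", 4096)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"a" * size)
        found = unscanned_files(root, limit)
        return limit, [(os.path.basename(p), s) for p, s in found]

if __name__ == "__main__":
    limit, skipped = demo()
    for name, size in skipped:
        print(f"NOT SCANNED (size {size} > MaxFileSize {limit}): {name}")
```

The returned list can be fed to whatever follow-up action the site chooses, such as quarantining the files or scanning them separately with a higher limit.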