Remember not everyone that uses clamav is not an expert so for someone that is new to clamav thinks that every file that went through clamav would be scanned for malware would be incorrect and they have a possibility of opening an infected file. I think a message or warning that a file that was too large passed through clamav without being scanned would be nice so one can take appropriate action. That is my opinion.
Frank >On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote: >> Alexandre Biancalana wrote: >> > On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote: >> >> fchan wrote: >> >> > I read your links and I understand possible DoS and other issues but >> >> > to repeat Alexandre's idea, why is there no error message for file >> >> > that are too large to notify the admin so they can adjust clamd.conf >> >> > or other action. Right now this infected file passes through like if >> >> > it was not infected which would be dangerous under certain >>conditions. >> >> > IMHO this file shouldn't pass through clamav without any >>error message. >> >> > >> >> > Frank >> >> >> >> >> >> What would the error message say? There was no error in my view. The >> >> file was larger than what the OP was willing to test so it was not >> >> tested (if I understand it correctly). As such it is accepted at risk. >> >> It is the OP's job to decide what else to do with files that are >> >> accepted at risk. That may require yet another milter or other process >> >> spawned by procmail, for example. >> > >> > Could not be an error message, just a warning, a informative message, >> > saying that the file was not scanned and not that the file is >> > clean.... >> > >> > In this case I'm using clamav on a file server to scan user >>files not emails... >> >> >> Doesn't matter - if you tell clamav to ignore certain files you are then >> obliged to use another method to test those files or ignore them. It >> would be rather trivial to write a script that finds large files and >> takes an action on them, but if you're going to scan them, then why >> prevent clamav from scanning them in the first place? > >Forget... my point was just to have a more intuitive and clear message >saying exactly what happened instead say that the file clean if it's >not. >_______________________________________________ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
