On 11/08/11 17:41, Peter Bradeen wrote: > I see that there are ways to limit the level of archive that will be > scanned as well as the size of the entities to be scanned. Is there a way > for CLAMAV to then flag them as not allowed? Seem that if you can't scan > it, it should be rejected.
Hi Peter, Long ago there were as set of options going under the name of ArchiveBlockMaxXXX. They were really intended to keep the engine safe from loops and abuse, but in the end they did more or less what you ask. The options were dropped because they gave us a lot of headaches with complaints and FP reports (you can still google "oversized.zip" and enjoy the flames). Before dropping the said options a poll was conducted on this very board and the general consensus was that the option was pointless and to be dropped. Long story short, we understand exactly the scenario you describe and the question you raise. However it's very unlikely that suck a feature is going to be added in the future. Cheers, --aCaB _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
