On Thu, Aug 4, 2016 at 7:14 PM, Al Varnell <alvarn...@mac.com> wrote: > ... > With the ever increasing malware issues we face today, it’s important to > consider this: > > Risk = threat x vulnerability x consequence
I agree. In my case, the consequence factor is very large, and I have to scan even the large files somehow. Skipping large files would just provide an easy attack vector for the system that ClamAV is protecting. In addition to the file types mentioned elsewhere in this thread that can be larger than a few GB, I've personally seen Photoshop files and PDFs and in the 3GB-7GB range. Does anybody have any feedback on the proposed solution to scanning large files in chunks? If I test a virus embedded in some large files at various locations (just inserting the virus bytes into the file) and verify that ClamAV does detect it reliably, are there any reasons that the method wouldn't work for all file types, assuming that the initial bytes of the file are prepended to each chunk so that ClamAV knows what type of file it is? _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
