On Tue, Aug 9, 2016 at 9:40 AM, G.W. Haywood <cla...@jubileegroup.co.uk> wrote: > Hi there, > > On Tue, 9 Aug 2016, sapientdust+cla...@gmail.com wrote: > On Thu, Aug 4, 2016 at 7:14 PM, Al Varnell <alvarn...@mac.com> wrote: > >>> ... Risk = threat x vulnerability x consequence >> >> >> I agree. In my case, the consequence factor is very large ... > > > Perhaps you can elucidate the consequences. If the consequence factor > is as you say very large, then you have a problem to solve.
The specifics are not important to my question, which is about the TECHNICAL feasibility of scanning in multiple pieces. If it won't work reliably (relative to scanning files small enough to be scanned in their entirety at once), that's fine, and I will have to switch to another AV scanner, but I was hoping for some specific technical reasons why it won't work before giving up on ClamAV. >> I have to scan even the large files somehow. > > > This will not solve the problem. It can never and will never solve it. > You need to find another way of going about things. What's the technical reason that it won't work? >> Skipping large files would just provide an easy attack vector ... > > > Then you have to fix the system so that it wouldn't be easy. > >> Does anybody have any feedback on the proposed solution to scanning >> large files in chunks? > > > Stop worrying about it, it's a waste of time and effort. The probability > that you will actually find what you're looking for is very small. What are the technical reasons that the probability is very small (compared to the probability of finding a virus if the file is small enough to be scanned in one instream call)? _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
