Good day Arnaud
Thanks so much for this.
Really appreciate the fast reply and help.
Regards
Brent Clark
On 2019/11/08 10:23, Arnaud Jacques wrote:
Hello Brent,
https://www.bamsoftware.com/hacks/zipbomb/
I took the liberty of spinning up a vagrant instance to find out for
myself.
Here you can see I scanned the zip file, thats made available from the
above site. As you can see, clamav (inconjunction with Sanesecurity),
the file passed.
vagrant@stretch:~/src$ clamscan zbsm.zip
zbsm.zip: OK
----------- SCAN SUMMARY -----------
Known viruses: 8944025
Engine version: 0.101.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 63.13 MB
Data read: 0.04 MB (ratio 1616.20:1)
Time: 196.787 sec (3 m 16 s)
No need 3rd party signatures, official ClamAV seems to work fine with
these files :
clamscan --alert-exceeds-max=yes --max-recursion=5 --max-ziptypercg=5M
/var/tmp/tmp/zblg.zip: Heuristics.Limits.Exceeded FOUND
/var/tmp/tmp/zbsm.zip: Heuristics.Limits.Exceeded FOUND
/var/tmp/tmp/zbxl.zip: Heuristics.Limits.Exceeded FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8748540
Engine version: 0.101.4
Scanned directories: 1
Scanned files: 3
Infected files: 3
Data scanned: 169.38 MB
Data read: 53.22 MB (ratio 3.18:1)
Time: 396.918 sec (6 m 36 s)
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
