The “OK” response indicates that nothing was found, whether the entire file was scanned, some of it was scanned, or none of it was scanned. If the max file size is 10M, and the file is 11M, it will skip the file and say “OK”. I’ll be honest, I’m not a huge fan of this behavior or the use of the word “OK” to indicate that nothing was found or that the file was skipped. But I am also wary of changing it from “OK” to something else, as it will undoubtedly break scripts and other tooling for many users.
If you want to know if the file has been skipped because it exceeded the maximum file size, scan size, scan recursion, or scan time, you can use the clamd.conf option “AlertExceedsMax yes” or the clamscan option --alert-exceeds-max. This will report “Heuristics.Limits.Exceeded FOUND" for each file that exceeds any one of the maximums. -Micah From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Michael Kyriacou via clamav-users Sent: Monday, January 18, 2021 3:10 PM To: clamav-users@lists.clamav.net Cc: Michael Kyriacou <mkyriacou...@gmail.com> Subject: [clamav-users] Clamdscan is scanning files larger than 4GB Hello! I am using clamav version 0.102.4, on Ubuntu 20.04. I configured the max file size and Maxscansize to be 10M. When I scan files larger than that, it returns with an OK, telling me that it scanned. It seems to me that clamdscan is completely ignoring this configuration. Is there something I’m doing wrong?
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
