Hi there,
On Thu, 25 Mar 2021, Ben Stuyts wrote:
On 25 Mar 2021, at 00:32, G.W. Haywood via clamav-users
<clamav-users@lists.clamav.net> wrote:
On Wed, 24 Mar 2021, Ben Stuyts wrote:
On 24 Mar 2021, at 12:14, G.W. Haywood via clamav-users
<clamav-users@lists.clamav.net> wrote:
On Wed, 24 Mar 2021, Ben Stuyts wrote:
... File ‘a’ is a 4.1 GB mbox file. ...
Then don't scan it...
Possible, but not the first thing that comes to my mind with email folders.
You could scan what you put into it.
We do of course, using clamav-milter. But if there’s a missing
virus definition during mail transfer it will be hopefully detected
at a later stage.
Emphasis on hopefully, and something about a stable door, and do you
have working estimates of the probabilities? And what do you do if,
when you scan the huge mbox file, ClamAV says it's found something?
It won't tell you which message is the suspicious one, so you'll be
playing about with 'formail' or binary searches or whatever, all the
while wondering who's at risk from this potentially troublesome but
unidentified message. And the detection might not even be triggered
when you split up the messages. You could waste a *lot* of time and
energy that way.
Of course you know that there are alternatives to mbox format, which
not only won't involve you in scanning outlandishly big files but also
give you substantial improvements in performance elsewhere, not to
mention giving clamd's cache of MD5 digests a chance to do something
useful (instead of what it's doing for you now - burning CPU cycles to
no purpose whatsoever). Another added benefit might be that you could
get the scanner to actually identify the suspicious message...
Not that any of this is a recommendation, other than that people think
real hard about what they're doing.
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
