Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-12 Thread Paul Kosinski via clamav-users
Micah, Yeah, now that you mention it, I remember having read somewhere about ".ja" files as being not quite zip format. On Linux, the (latest) "file" command identifies ".ja" as "Mozilla archive" format. But (recent) unzip commands don't seem to have any trouble (unlike ARK, which can't find a sui

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-12 Thread Micah Snyder (micasnyd) via clamav-users
Paul, I investigated further and realize now that it ISN'T double-extracting files from plain zips. It is double-extracting files from zips within other raw image file formats, like TAR or image file formats. For a plain zip, it detects the file entries twice, but doesn't extract them if the

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-10 Thread Paul Kosinski via clamav-users
Is this a generic problem with compressed archives (like the Firefox ".tar.bz2") or is it zip specific? If it is zip specific, there are 2 files in the Firefox distribution file that are zip format compressed which might explain the slowness. (They are both named omni.ja, but have different conte

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-10 Thread Micah Snyder (micasnyd) via clamav-users
One issue ClamAV currently has with scanning Zip archives is that ClamAV's self-extracting zip detection logic has a flaw wherein it detects every file within a zip as a new self-extracting zip. As a result, I believe (and I could be wrong on this), that Clam ends up extracting and scanning eve

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-07 Thread Paul Kosinski via clamav-users
I didn't want to screw around with my clamdscan (clamd.conf) settings, so I ran my optioned-up clamscan command on a smaller and much less complicated file. It took less than 11 seconds total time. (My previous guess on clamscan's DB load time was apparently way off.) This suggests that the ClamAV

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-06 Thread Al Varnell via clamav-users
Much of that time is almost certainly being consumed by loading the signature database into RAM. How long does it take using clamdscan? Sent from my iPad -Al- On Apr 6, 2020, at 12:29, Paul Kosinski via clamav-users wrote: > > It *does* take more than 120 secs for the clamscan command to ful

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-06 Thread Paul Kosinski via clamav-users
Micah, It *does* take more than 120 secs for the clamscan command to fully scan the 62 MB Firefox installation file (.tar.bz2). Trying the scan with the default clamscan limits results in 62 MB "Data read" but *zero* "Data scanned"! Since I previously had run afoul of file size limits, I had writ

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-06 Thread Micah Snyder (micasnyd) via clamav-users
Paul, Are you seeing many files that take longer than 2 minutes to scan? We thought the default scan time limit was already quite high at 2 minutes. -Micah On 4/4/20, 1:47 AM, "clamav-users on behalf of Paul Kosinski via clamav-users" wrote: "If one is overriding a default value by pro

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Paul Kosinski via clamav-users
"If one is overriding a default value by providing it on the command line, you should know what you're doing. Guessing is never a good idea, especially if (like here) the documentation is lacking." "It was noted in the list of notable changes in 0.102.0 ... which Paul *must* have read, otherwise h

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Paul Kosinski via clamav-users
The "--max-scantime" option apparently was the culprit. I had set it to 999 to ensure it *wouldn't* time out. I never imagined that the time was in milliseconds, since "--help" didn't say so, and the clamscan *command* needs on the order of 100,000 msecs even to start. (So why specify max scan time

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Micah Snyder (micasnyd) via clamav-users
Apologies for the confusion. We actually merged a fix to the man page, help output for this option a couple days ago: https://github.com/Cisco-Talos/clamav-devel/commit/6e17eb5e97dbb0529dea47e15fd35b5fa79565de#diff-6426d2040de12e907d62da86807e7ca8 -Micah On 4/3/20, 5:18 PM, "clamav-users on b

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Arjen de Korte via clamav-users
Quoting Kris Deugau: Arjen de Korte via clamav-users wrote: Quoting Paul Kosinski via clamav-users: However, applying clamscan to this file (which was slightly renamed by my download script to be more readable) results in the following output: clamscan --alert-exceeds-max=yes --max-scanti

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Reio Remma via clamav-users
On 04.04.2020 00:17, Kris Deugau wrote: Arjen de Korte via clamav-users wrote: Quoting Paul Kosinski via clamav-users: However, applying clamscan to this file (which was slightly renamed by my download script to be more readable) results in the following output: clamscan --alert-exceeds-m

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Kris Deugau
Arjen de Korte via clamav-users wrote: Quoting Paul Kosinski via clamav-users: However, applying clamscan to this file (which was slightly renamed by my download script to be more readable) results in the following output: clamscan --alert-exceeds-max=yes --max-scantime=999 --max-scansize=4

Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Arjen de Korte via clamav-users
Quoting Paul Kosinski via clamav-users: I am puzzled (and dismayed) by the following behavior of ClamAV. When I scan some archive files, I often get "Heuristics.Limits.Exceeded FOUND". This makes me wonder about ClamAV's utility in protecting our systems against malware. I'm not talking about

[clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Paul Kosinski via clamav-users
I am puzzled (and dismayed) by the following behavior of ClamAV. When I scan some archive files, I often get "Heuristics.Limits.Exceeded FOUND". This makes me wonder about ClamAV's utility in protecting our systems against malware. I'm not talking about archive files downloaded from questionable s

[clamav-users] Heuristics.Limits.Exceeded FOUND with clamDscan but not with clamscan...

2019-06-06 Thread Heino Backhaus
Hello list, I've found a strange behavior of clamdscan (at least to me). Some files scanned with clamdscan throw a "Heuristics.Limits.Exceeded FOUND" but the same files scanned with clamscan do not. I've already increased the value of MaxFileSize to 500M, MaxScanSize to 1000M and MaxRecursion t