ClamAV is both an email/attachment scanner and a file system scanner. It is
pointless to set the email scanner to scan files larger than your MTA is
configured to accept. Secondarily, the interface between the MTA and ClamAV
frequently has a max filesize parameter, too. This is to prevent DOS'in
The filesize limit can be dynamically set for clamscan with the
"--max-filesize=xxM" option. clamd.conf can be used to change the clamd
filesize limit with "MaxFileSize".
Excerpt from clamscan help:
--max-filesize=#nFiles larger than this will be
skipped and assumed cl
You might be able to re-compile the ClamAV source and configure it with
--maxfilesize=xxM, but the limit is there to prevent severe system damage that
can result from attempting to scan over-sized files. I know in the case of OS
X there is no known malware that exceed the established limits.
-
Thanks for your questions and suggestions.
I had a look via the --debug method, and found the following in the clamAV
call:-
LibClamAV debug: cli_updatelimits: filesize exceeded (allowed: 26214400,
needed: 104096320)
To check this, I ran clamAV with an eicar string test and got the expected
clamd.conf does not affect the behavior of clamscan which is why you needed
to run freshclam first to pull database to the default database location.
Thus, there is a possibility that the databases may be mismatched though
it's unlikely as the signature is still part of the current set. In order
to
Hi there,
On Thu, 21 Jul 2016, Jay Gattuso wrote:
What am I missing? / What else do you need to know to help me trouble shoot?
You are probably using different configuration files for the two scans.
Find them and you might have your answer. If not, post them here.
--
73,
Ged.
