[clamav-users] Finding infections in a tar-ball
Dennis Peterson
dennispe at inetnw.com
Thu Apr 17 04:22:55 UTC 2014
On 4/15/14, 7:36 AM, Steven Morgan wrote:
> Good news, it works. We are considering a --warn-on-limit-exceeded option
> to cover messaging in these types of cases.
>
> Steve
>
>
>
I've found an interesting inconsistency when scanning archives. I tested this on
an xz compressed tar file (the ClamAV distro) and the library error handler
informed me the file size was too large, it then scanned what it could, and
failed to find the ClamAV test file. I then did the same thing on a gzip
compressed tar file and it silently failed to find the test file. When I put in
appropriate sizes for max filesize and max scansize the test file was found in
the xz compressed file and the gzip file.I wonder why I was informed of the size
problem with the xz tar file and not the gzip tar file? Perhaps xz is not
included as a library feature and gzip is?
dp
More information about the clamav-users
mailing list