[clamav-users] Why is ArchiveBlockMax obsoleted?

Steven Morgan smorgan at sourcefire.com
Thu Feb 26 13:10:07 EST 2015


Hi Vladislav,

Unfortunately there is currently not an option to flag files when
MaxRecursion is exceeded. Looking at the README, ArchiveBlockMax was
removed from ClamAV in 0.93, don't know what were the reasons, it was
before my time. Maybe a search of the mail list archive could give insight,
or maybe someone else will have some thoughts? You can also open a feature
request at bugzilla.clamav.net.

Steve

On Thu, Feb 26, 2015 at 4:46 AM, Vladislav Kurz <vladislav.kurz at webstep.net>
wrote:

> Hi all,
>
> in response to recent wave of viruses that were not detected by any
> antivirus,
> we decided to simply block any nested zip files. (Exe inside Zip inside
> Zip).
> So I tried to set MaxRecursion=1, just to find out that it passes such
> files
> as clean without scanning deeper. I want to block such files in the same
> manner as encrypted archives, but the ArchiveBlockMax option is obsolete.
> Why?
> Is there any undocumented replacement option for that?
>
> On some man pages I found --max-block, but that is ignored as well.
> Is there any reason to drop such function?
>
> --
> Best Regards
>         Vladislav Kurz
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>



More information about the clamav-users mailing list