[clamav-users] Scanning very large files in chunks

sapientdust+clamav at gmail.com
Mon Aug 8 12:56:33 EDT 2016


On Thu, Aug 4, 2016 at 7:14 PM, Al Varnell <alvarnell at mac.com> wrote:
> ...
> With the ever increasing malware issues we face today, it’s important to consider this:
>
> Risk = threat x vulnerability x consequence

I agree. In my case, the consequence factor is very large, and I have
to scan even the large files somehow. Skipping large files would just
provide an easy attack vector for the system that ClamAV is
protecting. In addition to the file types mentioned elsewhere in this
thread that can be larger than a few GB, I've personally seen
Photoshop files and PDFs in the 3GB-7GB range.

Does anybody have any feedback on the proposed solution to scanning
large files in chunks? If I test a virus embedded in some large files
at various locations (just inserting the virus bytes into the file)
and verify that ClamAV does detect it reliably, are there any reasons
that the method wouldn't work for all file types, assuming that the
initial bytes of the file are prepended to each chunk so that ClamAV
knows what type of file it is?
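
The chunking method proposed in the message above, as an added example that is not part of the original post or of ClamAV. It goes one step beyond the proposal by overlapping consecutive chunks, since a byte pattern that straddles a chunk boundary is otherwise invisible to every chunk. Assumptions: `scan_chunk` is a stand-in substring match rather than a ClamAV call, and the names, sizes, header and marker bytes are constructed for the demonstration.

```python
import io

def iter_chunks(stream, chunk_size, header_len, overlap):
    """Yield (offset, data) windows of a seekable binary stream.

    Every window after the first is prefixed with the file's first
    header_len bytes so a scanner can still identify the file type.
    Windows overlap by `overlap` bytes, so any pattern no longer than
    `overlap` lies wholly inside at least one window.
    """
    if not 0 <= overlap < chunk_size:
        raise ValueError("overlap must satisfy 0 <= overlap < chunk_size")
    stream.seek(0)
    header = stream.read(header_len)
    offset = 0
    while True:
        stream.seek(offset)
        window = stream.read(chunk_size)
        if not window:
            return
        # The first window already starts with the real header.
        yield offset, (window if offset == 0 else header + window)
        if len(window) < chunk_size:
            return  # short read: end of file reached
        offset += chunk_size - overlap

def scan_chunk(data, marker):
    """Stand-in for the real scanner (assumption): plain substring match."""
    return marker in data

def scan_file(stream, marker, chunk_size, header_len, overlap):
    """Return the file offsets of all chunks the scanner flags."""
    return [off for off, data in
            iter_chunks(stream, chunk_size, header_len, overlap)
            if scan_chunk(data, marker)]

HEADER = b"%PDF-1.7\n"                 # constructed sample header
MARKER = b"CONSTRUCTED-TEST-MARKER"    # constructed, harmless test pattern

def build_sample(size=1000, marker_at=250):
    """Constructed file: header, zero padding, marker across offset 256."""
    body = bytearray(HEADER + b"\x00" * (size - len(HEADER)))
    body[marker_at:marker_at + len(MARKER)] = MARKER
    return io.BytesIO(bytes(body))

if __name__ == "__main__":
    for overlap in (0, 32):
        hits = scan_file(build_sample(), MARKER, 256, len(HEADER), overlap)
        print(f"overlap={overlap}: flagged chunk offsets {hits}")
```

The overlap has to be at least as long as the longest pattern the scanner matches contiguously; detections that depend on file structure spanning several chunks are not covered by this scheme.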


