[clamav-users] Disable MaxFileSize and MaxFileSize to scan the whole system

Dennis Peterson dennispe at inetnw.com
Mon Dec 3 12:58:05 EST 2018


If it is a big concern you can use the split command to create  "splits" of the 
suspect file. Split accepts various size arguments (bytes, lines...) and will 
create as many files as it takes to split the entire large file. These can be 
scanned individually and discarded when done. There is a risk of a split 
happening in the middle of a section that might match a signature but that is 
small. A work around is to split a file, scan it, delete the splits, then split 
it a second time using a different split size and repeat the scan.

This is obviously tedious and works best on static files. There's always a way 
if you don't mind the effort. It is easily scriptable.

dp

On 12/3/18 8:23 AM, Albert o wrote:
> Well I just want to be sure that the big files which can't be scanned don't 
> contain viruses...
> BTW thanks everyone for helping me out
>
> On Mon, Dec 3, 2018, 17:21 Noel Jones <njones at megan.vbhcs.org 
> <mailto:njones at megan.vbhcs.org> wrote:
>
>     What kind of giant files are you scanning?  Many big files, such as
>     hard drive/DVD images or "raw" database files, are likely to
>     generate random false positives.
>
>
>
>
>       -- Noel Jones
>
>
>     On 12/3/2018 3:59 AM, Albert o wrote:
>     > Alright thank you. Is there a way to make clamscan do the same?
>     >
>     > On Mon, Dec 3, 2018, 09:18 Al Varnell <alvarnell at mac.com
>     <mailto:alvarnell at mac.com>
>     > <mailto:alvarnell at mac.com <mailto:alvarnell at mac.com>> wrote:
>     >
>     >     MaxFileSize 0 disables limiting, but that only applies to
>     >     clamdscan scanning.
>     >
>     >     Sent from my iPad
>     >
>     >     -Al-
>     >
>     >     On Dec 2, 2018, at 23:18, Albert o rote:
>     >
>     >>     What do I need to use in clamd.conf to scan the maximum
>     >>     possible size?
>     >>     MaxFileSize 39999M
>     >>     MaxFileSize 3999M
>     >>     Is this syntax correct?
>     >>
>     >>     On Mon, Dec 3, 2018, 00:06 Dennis Peterson
>     >>     <dennispe at inetnw.com <mailto:dennispe at inetnw.com>
>     <mailto:dennispe at inetnw.com <mailto:dennispe at inetnw.com>> wrote:
>     >>
>     >>         I wonder how many signature writers bother to match
>     >>         content at the end of files. Hopefully, none, in which
>     >>         case full file scanning is pointless.
>     >>
>     >>         dp
>     >>
>     >>         On 12/2/18 3:02 PM, Al Varnell wrote:
>     >>>         Trial and error, depending on your setup.
>     >>>
>     >>>         Must not exceed the amount of RAM you have installed less
>     >>>         what is needed to run your system and whatever else you
>     >>>         have running at the time.
>     >>>
>     >>>         Best advice would be to set it to the size of the largest
>     >>>         file you need to scan.
>     >>>
>     >>>         -Al-
>     >>>
>     >>>         On Sun, Dec 02, 2018 at 09:35 AM, Albert o wrote:
>     >>>>         I removed that option.
>     >>>>         So what is the right way to make clamAV scan the maximum
>     >>>>         possible size?
>     >>>>         On Wed, Nov 28, 2018 at 7:31 AM Henrik K <hege at hege.li
>     <mailto:hege at hege.li>
>     >>>>         <mailto:hege at hege.li <mailto:hege at hege.li>>> wrote:
>     >>>>>
>     >>>>>         On Tue, Nov 27, 2018 at 05:01:40PM -0500, Albert o wrote:
>     >>>>>>         "sudo clamscan -r --remove=yes /"
>     >>>>>
>     >>>>>         ClamAV doesn't exactly have a perfect track record
>     >>>>>         regarding false positives
>     >>>>>         (not that any scanner would have).  Are you sure you'd
>     >>>>>         want --remove=yes to
>     >>>>>         remove some critical system files/libraries?
>     >>>
>     >>>  _______________________________________________
>     >>>         clamav-users mailing list
>     >>> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     <mailto:clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>>
>     >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>     >>>
>     >>>
>     >>>         Help us build a comprehensive ClamAV guide:
>     >>> https://github.com/vrtadmin/clamav-faq
>     >>>
>     >>> http://www.clamav.net/contact.html#ml
>     >>
>     >>
>     >>  _______________________________________________
>     >>         clamav-users mailing list
>     >> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     >>         <mailto:clamav-users at lists.clamav.net
>     <mailto:clamav-users at lists.clamav.net>>
>     >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>     >>
>     >>
>     >>         Help us build a comprehensive ClamAV guide:
>     >> https://github.com/vrtadmin/clamav-faq
>     >>
>     >> http://www.clamav.net/contact.html#ml
>     >>
>     >>     _______________________________________________
>     >>     clamav-users mailing list
>     >> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     >>     <mailto:clamav-users at lists.clamav.net
>     <mailto:clamav-users at lists.clamav.net>>
>     >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>     >>
>     >>
>     >>     Help us build a comprehensive ClamAV guide:
>     >> https://github.com/vrtadmin/clamav-faq
>     >>
>     >> http://www.clamav.net/contact.html#ml
>     >     _______________________________________________
>     >     clamav-users mailing list
>     > clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     <mailto:clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>>
>     > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>     >
>     >
>     >     Help us build a comprehensive ClamAV guide:
>     > https://github.com/vrtadmin/clamav-faq
>     >
>     > http://www.clamav.net/contact.html#ml
>     >
>     >
>     > _______________________________________________
>     > clamav-users mailing list
>     > clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>     >
>     >
>     > Help us build a comprehensive ClamAV guide:
>     > https://github.com/vrtadmin/clamav-faq
>     >
>     > http://www.clamav.net/contact.html#ml
>     >
>
>     _______________________________________________
>     clamav-users mailing list
>     clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
>     Help us build a comprehensive ClamAV guide:
>     https://github.com/vrtadmin/clamav-faq
>
>     http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181203/b525c277/attachment.html>


More information about the clamav-users mailing list