[clamav-users] Disable MaxFileSize and MaxFileSize to scan the whole system

Ángel angel at av.16bits.net
Tue Dec 4 16:42:30 EST 2018


On 2018-12-03 at 09:58 -0800, Dennis Peterson wrote:
> If it is a big concern you can use the split command to create
> "splits" of the suspect file. Split accepts various size arguments
> (bytes, lines...) and will create as many files as it takes to split
> the entire large file. These can be scanned individually and discarded
> when done. There is a risk of a split happening in the middle of a
> section that might match a signature but that is small. A work around
> is to split a file, scan it, delete the splits, then split it a second
> time using a different split size and repeat the scan.

> This is obviously tedious and works best on static files. There's
> always a way if you don't mind the effort. It is easily scriptable.
> 
> dp


Splitting a file will probably make chunks other than the first to
appear as random bytes, rather than having the correct filetype, thus
making some signatures not to be applied.
(the first chunk will _probably_ be detected properly, still splitting
can make it miss what would be found on the full size, eg. splitting a
zip file will lose its central directory...)

Signatures are generally more complex than looking for a certain
substring...

Best regards




More information about the clamav-users mailing list