[clamav-users] decompress file size exceeds limits

Micah Snyder (micasnyd) micasnyd at cisco.com
Wed Aug 21 17:47:39 EDT 2019


You may also use the clamd “AlertExceedsMax” option to have it alert with the heuristic signature name “Heuristics.Limits.Exceeded”.
If you do this, you will probably observe other files that also exceed the maximums but don’t issue a warning-level message when they do so. Honestly, I’m not sure why the Xz scanner prints a warning message for this situation. It is unusual.

-Micah

From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Al Varnell via clamav-users <clamav-users at lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users at lists.clamav.net>
Date: Monday, August 19, 2019 at 9:03 PM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Cc: Al Varnell <alvarnell at mac.com>
Subject: Re: [clamav-users] decompress file size exceeds limits

Correction. Apparently clamdscan doesn't have a debug mode, but -v for verbose might help.

Best to use clamscan --debug.

-Al-
================
Run clamscan or clamdscan --debug. The log should be able to tell you what and where that file is.

-Al-

On Mon, Aug 19, 2019 at 02:43 PM, Michael Newman via clamav-users wrote:
I keep getting this message:

"LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes"

I know what it means. Is there some way to find that file?
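
Added example, not part of the thread or of ClamAV itself: one way to act on the suggestion above is to scan with the exceeds-max alert enabled and keep only the result lines that carry the "Heuristics.Limits.Exceeded" name. The function names, the sample paths and the sample signature name are assumptions made for illustration; the prefix match on the alert name is also an assumption, so that a suffixed variant of the name would still be listed.

```shell
#!/bin/sh
# clamscan prints one result line per scanned file:
#   <path>: OK
#   <path>: <signature> FOUND

# Read clamscan result lines on stdin and print the path of every file
# flagged with the limits heuristic. The greedy match keeps paths that
# themselves contain ": " intact.
limit_hits() {
    sed -n 's/^\(.*\): Heuristics\.Limits\.Exceeded[^ ]* FOUND$/\1/p'
}

# Scan a directory tree with the alert turned on and list the flagged files.
# Requires clamscan on PATH; -i prints only files that raised an alert and
# stderr is dropped so LibClamAV warnings do not mix with the results.
scan_for_limit_hits() {
    clamscan -r -i --no-summary --alert-exceeds-max=yes "$1" 2>/dev/null | limit_hits
}

# Constructed sample output (paths and the second signature name are invented).
sample_output() {
    cat <<'EOF'
/srv/mail/a.txt: OK
/srv/backup/logs-2019.tar.xz: Heuristics.Limits.Exceeded FOUND
/srv/mail/sample.bin: Example.Test.Signature FOUND
/srv/backup/odd: name.xz: Heuristics.Limits.Exceeded FOUND
EOF
}

# Demonstration on the constructed sample; for a real scan, call
# scan_for_limit_hits /path/to/scan instead.
sample_output | limit_hits
```

Files listed this way will include every file that exceeded a limit, not only the Xz ones, as the message above notes.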
