[clamav-users] Heuristics.Limits.Exceeded FOUND
Reio Remma
reio at mrstuudio.ee
Fri Apr 3 21:22:12 UTC 2020
On 04.04.2020 00:17, Kris Deugau wrote:
> Arjen de Korte via clamav-users wrote:
>> Citeren Paul Kosinski via clamav-users <clamav-users at lists.clamav.net>:
>
>>> However, applying clamscan to this file (which was slightly renamed by
>>> my download script to be more readable) results in the following
>>> output:
>>>
>>> clamscan --alert-exceeds-max=yes --max-scantime=999
>>> --max-scansize=4090M --max-filesize=4090M --max-files=30000
>>> --max-recursion=30 --pcre-match-limit=999999999
>>> --pcre-max-filesize=999999999 firefox-68.6.1-esr-64.tar.bz2
>>>
>
>> Before writing this whole rant, you have not considered checking
>> which of the options might have triggered this? You've reduced the
>> --max-scantime from the default 120 seconds to under 1 second and
>> still wonder why this breaks? Really?
>
> That option seems to be missing from the man page entirely:
>
> $ dpkg -l clamav
> ii clamav 0.102.1+dfsg-0+deb10u2 amd64 [...]
> $ zgrep scantime /usr/share/man/man1/clamscan.1.gz
> $
>
>
> and does not specify units in the --help text:
>
> $ clamscan --help
> [...]
> --max-scantime=#n Scan time longer than this
> will be skipped and assumed clean
> [...]
>
> Absent any documentation, I would reasonably assume this to be in
> seconds, not milliseconds.
>
> I have no idea if you're wrong about this being the cause, but without
> diving into the source, Paul's use of that option looks entirely
> reasonable to me.
>
> -kgd
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
It is indeed a rather obscure option and missing from man pages.
Good luck,
Reio
More information about the clamav-users
mailing list