[clamav-users] Scanning a large file through HTTP
Paul Kosinski
clamav-users at iment.com
Thu Apr 8 03:52:53 UTC 2021
Seems to me that this behavior, advertising a 4GB limit while silently imposing a 2GB limit and reporting "OK" for anything in between, is a *major* security flaw: ClamAV *must* report that the file was too big to deal with (however worded).
Thus I've taken to using clamscan rather than clamdscan (slow though that is), because at least it reports how many bytes were read, and how many scanned, so I can see what's going on.
P.S. Recently I've downloaded some MP3s from Amazon and scanned them (as I do everything I download -- except updates from my Linux distros). But for a reason I saw on this list -- but can't remember -- MP3s are fully read, but not scanned. Is this going to be remedied?
On Wed, 7 Apr 2021 22:14:39 +0000
"Micah Snyder \(micasnyd\) via clamav-users" <clamav-users at lists.clamav.net> wrote:
> In reality, the file size limit is 2GB. Anything larger than that will be automatically skipped and marked as “OK”.
More information about the clamav-users
mailing list