[clamav-users] Clamdscan is scanning files larger than 4GB
Micah Snyder (micasnyd)
micasnyd at cisco.com
Tue Jan 19 22:42:11 UTC 2021
The “OK” response indicates that nothing was found, whether the entire file was scanned, some of it was scanned, or none of it was scanned. If the max file size is 10M, and the file is 11M, it will skip the file and say “OK”.
I’ll be honest, I’m not a huge fan of this behavior or the use of the word “OK” to indicate that nothing was found or that the file was skipped. But I am also wary of changing it from “OK” to something else, as it will undoubtedly break scripts and other tooling for many users.
If you want to know if the file has been skipped because it exceeded the maximum file size, scan size, scan recursion, or scan time, you can use the clamd.conf option “AlertExceedsMax yes” or the clamscan option --alert-exceeds-max. This will report “Heuristics.Limits.Exceeded FOUND" for each file that exceeds any one of the maximums.
-Micah
From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of Michael Kyriacou via clamav-users
Sent: Monday, January 18, 2021 3:10 PM
To: clamav-users at lists.clamav.net
Cc: Michael Kyriacou <mkyriacou111 at gmail.com>
Subject: [clamav-users] Clamdscan is scanning files larger than 4GB
Hello! I am using clamav version 0.102.4, on Ubuntu 20.04.
I configured the max file size and Maxscansize to be 10M. When I scan files larger than that, it returns with an OK, telling me that it scanned.
It seems to me that clamdscan is completely ignoring this configuration. Is there something I’m doing wrong?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210119/4b158580/attachment.htm>
More information about the clamav-users
mailing list