[clamav-users] Current replacement for --max-ratio?
G.W. Haywood
clamav at jubileegroup.co.uk
Fri Jan 14 23:21:03 UTC 2022
Hi there,
On Fri, 14 Jan 2022, Kris Deugau wrote:
> I've just come across a presumed-malicious .zip file of about 500K that
> contains a ~315M ISO image, which in turn appears to contain a ~315M
> executable file.
>
> After a bit of searching and testing I see the --max-ratio option has been
> removed from clamscan, and ArchiveMaxCompressionRatio in clamd.conf has been
> deprecated.
>
> Are there any remaining (or new?) options that might help flag
> hypercompressed files like this?
If you're using clamd, perhaps try the AlertExceedsMax option together
with the MaxScanSize and/or MaxFileSize options. No it's not the same. :/
Did this arrive in mail, Kris?
--
73,
Ged.
More information about the clamav-users
mailing list