[clamav-users] Current replacement for --max-ratio?
Eric Tykwinski
eric-list at truenet.com
Sat Jan 15 01:07:11 UTC 2022
Ged,
When did clamav start scanning iso files?
I just tried this and found a eicar.txt file, so yes it does work.
For email, I always just blocked iso extensions. Still doesn’t like MacOS cdr extensions, but a great improvement.
Sincerely,
Eric Tykwinski
> On Jan 14, 2022, at 6:21 PM, G.W. Haywood via clamav-users <clamav-users at lists.clamav.net> wrote:
>
> Hi there,
>
> On Fri, 14 Jan 2022, Kris Deugau wrote:
>
>> I've just come across a presumed-malicious .zip file of about 500K that contains a ~315M ISO image, which in turn appears to contain a ~315M executable file.
>>
>> After a bit of searching and testing I see the --max-ratio option has been removed from clamscan, and ArchiveMaxCompressionRatio in clamd.conf has been deprecated.
>>
>> Are there any remaining (or new?) options that might help flag hypercompressed files like this?
>
> If you're using clamd, perhaps try the AlertExceedsMax option together
> with the MaxScanSize and/or MaxFileSize options. No it's not the same. :/
>
> Did this arrive in mail, Kris?
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list