[clamav-users] Question About MaxFileSize
Micah Snyder (micasnyd)
micasnyd at cisco.com
Thu Jun 8 20:55:25 UTC 2023
I agree with you. I suspect the majority of cases today is when people have a large archive of files to scan.
I think best case scenario for people with a need to scan files larger than the present internal 2GB limit is that archives larger than 2GB are decompressed and then the files inside are scanned, but without actually scanning the very large outer archive.
The way to do this as things work today is to script something around clamscan or clamdscan that if the file is too large, handle some assorted file types:
1. if file is a tar.gz, un-tar.gz it and then scan the files within.
2. if file is a zip, un-zip it and then scan the files within.
3. etc.
I think everyone would like if clamav could do this automatically for select archive types. And I think the advantage would be that we would perhaps keep the extracted files in memory, or else at least delete the temp files as we go without extracting all of it to disk before starting to scan.
However, it would be far easier to make a shell script or a python script that wraps clamscan/clamdscan and uses native tools like "tar", "unzip", etc.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Andrew C Aitchison via clamav-users <clamav-users at lists.clamav.net>
Sent: Wednesday, May 24, 2023 1:34 AM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Cc: Andrew C Aitchison <clamav at aitchison.me.uk>
Subject: Re: [clamav-users] Question About MaxFileSize
On Wed, 24 May 2023, Tachibanaki Nozomi (橘木 希美) wrote:
> Dear Sir or Madam,
>
> Thank you for your help always.
> I am contacting you to ask about MaxFileSize in clamd.conf.
>
> The following description is found in the configuration of
> /usr/local/etc/clamd.conf.
>
> MaxFileSize
> # Technical design limitations prevent ClamAV from scanning files greater than
> # 2 GB at this time.
>
> Is there any plan or possibility to change the technical design
> limitation that prevents scanning files larger than 2 GB in the
> future?
I believe that the intention is to remove this limit at some point.
I wonder whether the technical limitations are less severe for
archive formats such as tar and zip.
Could "small" files inside "large" archives be scanned
without the work necessary for full "large" file support ?
Apart from vulnerabilities caused by 2GB and 4GB limits themselves,
I think scanning inside large archives might solve many of the
reasons for scanning large files.
--
Andrew C. Aitchison Kendal, UK
andrew at aitchison.me.uk
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20230608/21d580c5/attachment.htm>
More information about the clamav-users
mailing list