Mailing List Archive

[clamav-users] Clamdscan is scanning files larger than 4GB
Hello! I am using clamav version 0.102.4, on Ubuntu 20.04.
I configured the max file size and MaxScanSize to be 10M. When I scan files
larger than that, it returns with an OK, telling me that it scanned.

It seems to me that clamdscan is completely ignoring this configuration. Is
there something I’m doing wrong?
Re: [clamav-users] Clamdscan is scanning files larger than 4GB
Hi there,

On Mon, 18 Jan 2021, Michael Kyriacou via clamav-users wrote:

> Hello! I am using clamav version 0.102.4, on Ubuntu 20.04.
> I configured the max file size and MaxScanSize to be 10M. When I scan files
> larger than that, it returns with an OK, telling me that it scanned.
>
> It seems to me that clamdscan is completely ignoring this configuration. Is
> there something I’m doing wrong?

Restart clamd.

Time how long it takes to scan a very large file.

Set the limits ten times higher and restart clamd again.

Time the same scan of the same file.

Do the times tell us anything?

--

73,
Ged.

Re: [clamav-users] Clamdscan is scanning files larger than 4GB
The “OK” response indicates that nothing was found, whether the entire file was scanned, some of it was scanned, or none of it was scanned. If the max file size is 10M, and the file is 11M, it will skip the file and say “OK”.
I’ll be honest, I’m not a huge fan of this behavior or the use of the word “OK” to indicate that nothing was found or that the file was skipped. But I am also wary of changing it from “OK” to something else, as it will undoubtedly break scripts and other tooling for many users.

If you want to know if the file has been skipped because it exceeded the maximum file size, scan size, scan recursion, or scan time, you can use the clamd.conf option “AlertExceedsMax yes” or the clamscan option --alert-exceeds-max. This will report “Heuristics.Limits.Exceeded FOUND” for each file that exceeds any one of the maximums.

-Micah
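
The distinction drawn in the reply above, as an added example that is not part of the original thread or ClamAV's own code: a wrapper that reads clamdscan result lines and separates "clean", "skipped because over the limit", "limit exceeded" and real detections. The sample output, paths, sizes and status labels are constructed for illustration, and the size check assumes the caller knows the configured 10M limit.

```python
import re

# Per-file result line: "<path>: OK", "<path>: <name> FOUND", "<path>: <msg> ERROR".
# Assumption: paths do not themselves contain ": ".
LINE_RE = re.compile(r"^(?P<path>.+?): (?P<verdict>OK|.+ FOUND|.+ ERROR)$")
LIMIT_NAME = "Heuristics.Limits.Exceeded"  # name quoted in the reply above
MAX_FILE_SIZE = 10 * 1024 * 1024           # the poster's 10M limit


def classify(output, sizes, max_file_size=MAX_FILE_SIZE):
    """Return {path: status}; sizes maps path -> size in bytes."""
    results = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # blank lines and the scan summary block
        path, verdict = m.group("path"), m.group("verdict")
        if verdict == "OK":
            # "OK" only means nothing was found; an over-limit file was skipped.
            over = sizes.get(path, 0) > max_file_size
            results[path] = "skipped_over_limit" if over else "clean"
        elif verdict.endswith(" ERROR"):
            results[path] = "error"
        elif verdict[: -len(" FOUND")].startswith(LIMIT_NAME):
            results[path] = "limits_exceeded"  # a limit was hit, not a detection
        else:
            results[path] = "detected"
    return results


# Constructed sample: lines from runs with and without AlertExceedsMax, combined.
SAMPLE_OUTPUT = """\
/srv/upload/small.bin: OK
/srv/upload/big.iso: OK
/srv/upload/big2.iso: Heuristics.Limits.Exceeded FOUND
/srv/upload/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/srv/upload/locked: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 2
"""
SAMPLE_SIZES = {"/srv/upload/small.bin": 4096,
                "/srv/upload/big.iso": 11 * 1024 * 1024}

if __name__ == "__main__":
    for path, status in classify(SAMPLE_OUTPUT, SAMPLE_SIZES).items():
        print(f"{status:20} {path}")
```
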
