I've just come across a presumed-malicious .zip file of about 500K that
contains a ~315M ISO image, which in turn appears to contain a ~315M
executable file.
After a bit of searching and testing I see the --max-ratio option has
been removed from clamscan, and ArchiveMaxCompressionRatio in clamd.conf
has been deprecated.
Are there any remaining (or new?) options that might help flag
hypercompressed files like this?
-kgd
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
contains a ~315M ISO image, which in turn appears to contain a ~315M
executable file.
After a bit of searching and testing I see the --max-ratio option has
been removed from clamscan, and ArchiveMaxCompressionRatio in clamd.conf
has been deprecated.
Are there any remaining (or new?) options that might help flag
hypercompressed files like this?
-kgd
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml