- I get many false positives of Oversized.zip
- Whenever a file exceeds ArchiveMaxCompressionRatio (see clamd.conf man page), it's considered a logic bomb and marked as Oversized.zip . Try increasing your ArchiveMaxCompressionRatio setting.
customer reported that client was sending messages to them that weren't getting through. these were files created using autocad's "E-transmit" option, which gathers many, many files together into one archive for emailing. I don't know the compression scheme - i have a test zip available which i can send to the authors separately from the list if desired. the problem is this:
when i found the entries in my logs for these messages being quarantined for being Oversized.zip's, i increased the archivemaxcompressionratio from the default of 250 to 500. but the files were still quarantined! now, i've been assured that the 2 megabyte zip file that's being sent is not in fact a 4 gigabyte file. so something appears to be broken - but i don't know where.
the only way i could get the customer's mail through was to disable archivemaxcompressionratio.
http://www.anastrophe.com
http://www.smileglobal.com
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
