I've been running some tests lately, and I can not make clam block files that exceed ArchiveMaxRecursion. I guess the same goes for the other limits too, although I haven't tested them. clamd.conf attached inline below. According to the log, the settings are acknowledged, but then a (too) deep zip testarchive with the eicar is let through. I have ofcourse verified that the file is in fact stopped as long as the archive is not too deep.
I'm using postfix->clamsmtpd->clamd, so could the problem be clamsmtpd not interpreting a certain return status from clamd?
... Dec 13 17:48:30 slugger clamd[11512]: Archive: Archived file size limit set to 20971520 bytes. Dec 13 17:48:30 slugger clamd[11512]: Archive: Recursion level limit set to 2.
5-6 is better choice as some malwares are still undetected with limit set to 2.
Regards Boguslaw Brandys _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
