Bogusław Brandys wrote:
HR wrote:

I've been running some tests lately, and I cannot make clam block files
that exceed ArchiveMaxRecursion. I guess the same goes for the other
limits too, although I haven't tested them. clamd.conf attached inline
below. According to the log, the settings are acknowledged, but then a
(too) deep zip test archive with the eicar is let through. I have
of course verified that the file is in fact stopped as long as the
archive is not too deep.

I'm using postfix->clamsmtpd->clamd, so could the problem be clamsmtpd
not interpreting a certain return status from clamd?

...
Dec 13 17:48:30 slugger clamd[11512]: Archive: Archived file size limit set to 20971520 bytes.
Dec 13 17:48:30 slugger clamd[11512]: Archive: Recursion level limit set to 2.


5-6 is a better choice, as some malware is still undetected with the limit set to 2.

...and you're completely missing my point, which is that viruses in too deeply nested archives are let through, rather than being blocked because the nesting is too deep. I set it to 2 to not have to bother creating so much nesting in my tests.

ArchiveBlockMax should ...errh well... block the archive/mail because it
exceeds some max setting.

HR
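
Added example, not part of the original thread and not ClamAV code: a small Python model of the two policies discussed above, where a scanner that reaches its recursion limit either passes the archive unscanned or blocks it. The names nest, scan, MARKER and block_max are hypothetical, the marker is a constructed stand-in for a test signature, and the exact level at which clamd counts recursion is an assumption.

```python
import io
import zipfile

# Constructed stand-in for a test signature (not the EICAR string).
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"


def nest(payload: bytes, depth: int) -> bytes:
    """Wrap payload in `depth` layers of zip archives, built in memory."""
    data, name = payload, "payload.txt"
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"level{level}.zip"
    return data


def scan(data: bytes, max_recursion: int, block_max: bool, level: int = 0) -> str:
    """Return FOUND, BLOCKED or CLEAN for a blob under a recursion limit."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Leaf file: only here is the content actually inspected.
        return "FOUND" if MARKER in data else "CLEAN"
    if level >= max_recursion:
        # Limit reached: nothing below this layer is ever inspected.
        # block_max=False passes the unscanned archive (fail open),
        # block_max=True rejects it because it could not be scanned.
        return "BLOCKED" if block_max else "CLEAN"
    verdicts = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            verdicts.add(scan(zf.read(info), max_recursion, block_max, level + 1))
    # A detection outranks a limit hit, which outranks a clean result.
    for verdict in ("FOUND", "BLOCKED"):
        if verdict in verdicts:
            return verdict
    return "CLEAN"


if __name__ == "__main__":
    for depth in (1, 2, 3, 4):
        blob = nest(MARKER, depth)
        print(depth, scan(blob, 2, False), scan(blob, 2, True))
```

With the limit at 2, the marker is found at depth 2, while at depth 3 the fail-open policy reports CLEAN and the blocking policy reports BLOCKED.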


_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
