Tomasz Papszun wrote:
On Tue, 21 Dec 2004 at 7:32:08 +1100, Robert S wrote:I must say that I think it's a bad idea to be allowing on-line scanners to scan ISO images. clamscan took over 7 min to scan a Knoppix ISO I have - I can't imagine that "drag and dropping" a 700M file onto a Samba server and having it HANG for 7+ minutes before finishing the write would be acceptable to most people.
I'm using samba + vscan-clamav. I've recently created an iso image of MS Office 2000 Pro CD 1. When I try to copy it to my samba/clam server it gets reported as being infected thus:
smbd_vscan-clamav[22858]: ALERT - Scan result: '/pub/CDImages/Office 2000 CD1.iso' infected with virus 'Exploit.IFrame.Gen'
In fact, none of the commercial on-line Windows scanners I've used would ever scan such a large file - they all have sanity cutoffs of (say) 20M filesizes before they give up. Unless you have such an option, you are opening your file server up to DoS attacks (i.e. drop the same ISO 5 times onto the server and watch your server hit 100% CPU).
Does vscan for Samba have such an "max filesize" option? (I don't use it myself). If it doesn't, it probably should...
-- Cheers
Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
