I wrote:
>Tomasz Kojm writes:
>>On Tue, 3 Apr 2007 23:30:12 -0500 (CDT)
>>Fletcher Mattox <[EMAIL PROTECTED]> wrote:
>>
>>> Hi,
>>>
>>> I occasionally get Oversized.Zip false positives with clamscan 0.90 (and
>>> clamav-milter) when the actual compression ratio of the zip archive is
>>> not overly large, say 250. If I put "ArchiveMaxCompressionRatio 0" in
>>
>>clamscan --max-ratio=0
>
>Yes, that solves the problem in clamscan. However, my real problem
>is with clamav-milter. I used clamscan just to demonstrate it.
>
>I do not understand the difference between --max-ratio=0 and
>"ArchiveMaxCompressionRatio 0" in clamd.conf. How do I make this work in
>clamav-milter, which does not take a --max-ratio flag? clamav-milter does
>not seem to honor "ArchiveMaxCompressionRatio 0".

Since I continue to get false positives with clamav-milter, I tried this
in clamav-milter.c:

diff -u -r1.1.1.6 clamav-milter.c
--- clamav-milter.c 16 Feb 2007 07:24:18 -0000 1.1.1.6
+++ clamav-milter.c 7 Apr 2007 18:40:35 -0000
@@ -1770,6 +1770,10 @@
}
}
+syslog(LOG_ERR, _("old limits.maxratio %d"), limits.maxratio);
+limits.maxratio = 0;
+syslog(LOG_ERR, _("new limits.maxratio %d"), limits.maxratio);
+
pthread_create(&tid, NULL, watchdog, NULL);
if(((cpt = cfgopt(copt, "PidFile")) != NULL) && cpt->enabled)
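
Review bot: The unconditional `limits.maxratio = 0;` added just before pthread_create() overrides whatever value was configured, so every message is scanned with ratio 0 regardless of clamd.conf; that is useful as a diagnostic but should not be kept as the fix. It would be better to set limits.maxratio from the ArchiveMaxCompressionRatio option, looked up with cfgopt() the same way the PidFile option is in the context line that follows, and to leave the value untouched when the option is absent. The two syslog() calls report a diagnostic value at LOG_ERR; LOG_DEBUG would suit them better, or they can be dropped once the option is honored.
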
And it fixed the problem. No more false positives. It syslogged:

old limits.maxratio 250
new limits.maxratio 0

Even though I had "ArchiveMaxCompressionRatio 0" in clamd.conf. So I
conclude from this that either (1) I don't know how to set the maximum
compression ratio (quite possible!), or (2) clamav-milter is not doing
it correctly.

Fletcher