On Fri, 2007-10-19 at 14:15 +0200, Eric Kruse wrote:
> We recently upgraded to clam 91.2 on our mail servers, and since, are
> seeing an increase in warning messages in our logs:
> "WARNING: not scanned; untested big block size - please report"
> We used to get only one or two of these a day, but are now getting it
> every few minutes.
>
> As I understand it from looking at the code in ole2_extract.c, clam will
> skip files containing ole2 header values for "big block size" not equal
> to 9 (512 = 2^9). (This was apparently to stop it from segfaulting when
> scanning files with 'bad' block sizes?)
>
> I have compared the source to older versions, and I see that the value
> that is skipped is still hard coded as 9.
>
> Has anything else changed in clam regarding ole2, or is this just a
> coincidence, are our users maybe just sending more mails containing
> ole2 extensions that clam can't scan?

These are generally seen in MS mail files that look like OLE2 containers, but aren't. Unless the file is an Office document of some sort, they can be ignored.

-trog
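
A triage sketch for the warning discussed in this thread, added here as an example and not taken from ClamAV's ole2_extract.c: it reads the "big block size" exponent from a file's first bytes and separates files that pass the hard-coded 9 check from those that would be skipped. The header offsets are assumed from the published compound-file layout, the function names and verdict labels are hypothetical, and the sample headers are constructed.

```python
import struct

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound-file signature
# magic, CLSID, minor version, major version, byte order,
# big block (sector) shift, small block shift -- all little-endian
HEADER_FMT = "<8s16sHHHHH"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 34 bytes


def triage_ole2(data):
    """Return (verdict, big_block_shift) for the leading bytes of a file."""
    if len(data) < HEADER_LEN:
        return ("not-ole2", None)
    magic, _clsid, _minor, major, _order, shift, _mini = struct.unpack_from(
        HEADER_FMT, data
    )
    if magic != OLE2_MAGIC:
        return ("not-ole2", None)
    if shift == 9:
        # 2^9 = 512-byte blocks: the only value the thread says is accepted
        return ("passes-check", shift)
    if major == 4 and shift == 12:
        # Assumption from the compound-file format: version 4 files use
        # 4096-byte sectors, so this is a well-formed but skipped file.
        return ("skipped-valid-v4", shift)
    # Signature matches but the exponent is not one a real container uses.
    return ("skipped-implausible", shift)


def make_header(major, shift):
    """Build a constructed 34-byte header for testing (not a real file)."""
    return struct.pack(
        HEADER_FMT, OLE2_MAGIC, b"\0" * 16, 0x3E, major, 0xFFFE, shift, 6
    )


if __name__ == "__main__":
    samples = {
        "office-97-style": make_header(3, 9),
        "v4-4096-sector": make_header(4, 12),
        "lookalike": make_header(3, 0x4D),
        "plain-text": b"Received: from mail.example.invalid by mx",
    }
    for name, blob in samples.items():
        print(name, triage_ole2(blob))
```

Running it over the attachments that triggered the warning shows whether they are the look-alike files described in the reply or Office documents that went unscanned.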
