As can be found at the FAQ [http://www.clamav.org/support/faq/]:

Whenever a file exceeds ArchiveMaxCompressionRatio (see clamd.conf man page), it’s considered a logic bomb and marked as Oversized.zip. Try increasing your ArchiveMaxCompressionRatio setting.

~SimonH

On 22/Jun/2008, at 19:34, Philippe Faure wrote:

Hello,

Running
clamscan -V
ClamAV 0.92.1.
freshclam -V
ClamAV 0.92.1/7532/Sun Jun 22 09:52:49 2008

I have run Norton Antivirus (corporate edition) and clamscan on the
same compressed and un-compressed files.

Norton does not find any virus within either compressed or
un-compressed files.

While clamscan reports the following:

"camrela_backup/Movies_on_CD_DVD_40_e-version.zip: Oversized.Zip FOUND

----------- SCAN SUMMARY -----------
Known viruses: 324768
Engine version: 0.92.1
Scanned directories: 131
Scanned files: 2328
Infected files: 1
Data scanned: 304.39 MB
Time: 107.562 sec (1 m 47 s)
"

The command that I ran was: clamscan -ri carmela_backup

To start off with, there is no Oversized.zip file in the zipped file?
Is this a false positive, or does clamscan just not like the size of
the compressed file?  I have even larger compressed files which
clamscan does not complain about.

Here is the clamd config file:

LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ArchiveLimitMemoryUsage false
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
StreamMaxLength 10M
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
TemporaryDirectory /tmp
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
MailFollowURLs false
ArchiveBlockMax false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
MailMaxRecursion 64
PhishingSignatures true
PhishingScanURLs true
PhishingRestrictedScan true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0

Here is the freshclam config file:
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogTime no
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav/
DNSDatabaseInfo current.cvd.clamav.net
AllowSupplementaryGroups false
PidFile /var/run/clamav/freshclam.pid
ConnectTimeout 30
ReceiveTimeout 30
ScriptedUpdates yes
# Check for new database 6 times a day
Checks 6
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hollingshead
[EMAIL PROTECTED]

Messages sent from this email are digitally signed by Thawte. Please do not be worried if you see an attachment named smime.p7s, this is the cryptographic signature.



