Alexandre Biancalana wrote: > On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote: >> fchan wrote: >> > I read your links and I understand possible DoS and other issues but >> > to repeat Alexandre's idea, why is there no error message for file >> > that are too large to notify the admin so they can adjust clamd.conf >> > or other action. Right now this infected file passes through like if >> > it was not infected which would be dangerous under certain conditions. >> > IMHO this file shouldn't pass through clamav without any error message. >> > >> > Frank >> >> >> What would the error message say? There was no error in my view. The >> file was larger than what the OP was willing to test so it was not >> tested (if I understand it correctly). As such it is accepted at risk. >> It is the OP's job to decide what else to do with files that are >> accepted at risk. That may require yet another milter or other process >> spawned by procmail, for example. > > Could not be an error message, just a warning, a informative message, > saying that the file was not scanned and not that the file is > clean.... > > In this case I'm using clamav on a file server to scan user files not > emails...
Doesn't matter - if you tell clamav to ignore certain files you are then obliged to use another method to test those files or ignore them. It would be rather trivial to write a script that finds large files and takes an action on them, but if you're going to scan them, then why prevent clamav from scanning them in the first place? dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml