Hey Scott, The bug is that ClamAV 0.97 doesn't support scanning large files under Linux. Files greater than 2GB in size need to be handled specially under Linux. We've added large file support to 0.98. You will need to upgrade to 0.98. We don't have a firm release date for 0.98.
Thanks, Shawn On Thu, Apr 11, 2013 at 9:34 AM, Scott Ehrlich <[email protected]>wrote: > What is the current status of large-size mbox file scanning, then? Does it > work, or do I need to wait for 0.98 for successful scanning? > > If I need to wait, approximately when do you think? > > If it _does_ work now, what are the needed switches/options to make it > work? > > Thanks. > > Scott > > On Thu, Apr 11, 2013 at 9:32 AM, Shawn Webb <[email protected]> wrote: > > > Hey Scott, > > > > This is a known bug in ClamAV 0.97. We've addressed and fixed it in 0.98. > > Development is ongoing on 0.98 and there isn't a firm release date, yet. > > > > Thanks, > > > > Shawn > > > > > > On Thu, Apr 11, 2013 at 9:13 AM, Scott Ehrlich <[email protected] > > >wrote: > > > > > Making more progress - > > > > > > using --scan-mail=yes and --max-scansize=3000M the mbox file is being > > > "seen", but, as I discovered, and someone posted on a page somewhere, > > there > > > is a discrepency between "Data scanned" and "Data read". Data Scanned > > > shows about 0. Data Read shows a more appropriate large value (multi > > > megabyte). > > > > > > I then tried to play with --max-filesize= 0, or 1, or 3000M, and now > get > > > "fmap - map allocation failed" for the mbox file. > > > > > > Thus, it appears to "see" the mbox file, but, based on the Data scanned > > > field above, there is no strong evidence to claim it is being properly > > > scanned. > > > > > > I also tried --tempdir=/path/to/lot-of-space and that didn't seem to do > > any > > > good. > > > > > > Again, clamscan 0.97.7. > > > > > > Ideas are welcome. Switches from successful test results also welcome. > > > > > > Thanks. > > > > > > Scott > > > > > > > > > On Wed, Apr 10, 2013 at 8:01 PM, A K Varnell <[email protected]> > wrote: > > > > > > > > > > > On Apr 10, 2013, at 4:59 PM, A K Varnell <[email protected]> wrote: > > > > > > > > > On Apr 10, 2013, at 4:41 PM, Scott Ehrlich < > [email protected] > > > > > > > wrote: > > > > > > > > > >> You may be correct, though recalling my command-line options, > > > including > > > > >> verbose mode, the mbox file is very large, yet the scan took just > a > > > few > > > > >> seconds. > > > > > > > > > > Then you'll need to change: > > > > > > > > > > --max-filesize=#n > > > > > Extract and scan at most #n kilobytes from each > archive. > > > > You may > > > > > pass the value in megabytes in format xM or xm, where > > x > > > > is a > > > > > number. This option protects your system against > DoS > > > > attacks > > > > > (default: 25 MB, max: <4 GB) > > > > > > > > Sorry, wrong reference: > > > > > > > > --max-scansize=#n > > > > Extract and scan at most #n kilobytes from each > scanned > > > > file. > > > > You may pass the value in megabytes in format xM or > xm, > > > > where x > > > > is a number. This option protects your system > > against > > > > DoS > > > > attacks (default: 100 MB, max: <4 GB) > > > > > > > > -Al- > > > > > > > > >> ... > > > > >> Scott > > > > >> > > > > >> > > > > >> On Wed, Apr 10, 2013 at 5:41 PM, Steven Morgan < > > > [email protected] > > > > >wrote: > > > > >> > > > > >>> Scott, > > > > >>> > > > > >>> Looking at the code, I think the option is 'scan-mail'. It > defaults > > > as > > > > yes, > > > > >>> so you shouldn't need to do anything special, just clamscan > > > > /path/to/mbox/. > > > > >>> > > > > >>> Let us know if that is not working. > > > > >>> > > > > >>> Steve > > > > >>> > > > > >>> On Wed, Apr 10, 2013 at 4:46 PM, Scott Ehrlich < > > > > [email protected] > > > > >>>> wrote: > > > > >>> > > > > >>>> I just compiled clamav 0.97.7 on SANS SIFT Linux. > > > > >>>> > > > > >>>> Reviewing the README file and google, it appears that clamscan > > > should > > > > be > > > > >>>> able to review/scan mbox files, but any attempt at using --mbox, > > > such > > > > as > > > > >>>> clamscan --mbox or clamscan -d /tmp/virdir --mbox > > /path/to/mboxfile, > > > > >>>> reports an error with the --mbox switch. > > > > >>>> > > > > >>>> I reviewed the configuration file, and there was nothing for > mbox > > > > >>> support. > > > > >>>> > > > > >>>> Am I missing something? > > > > >>>> > > > > >>>> Thanks. > > > > >>>> > > > > >>>> Scott > > > > >>>> _______________________________________________ > > > > >>>> Help us build a comprehensive ClamAV guide: visit > > > > http://wiki.clamav.net > > > > >>>> http://www.clamav.net/support/ml > > > > >>>> > > > > >>> _______________________________________________ > > > > >>> Help us build a comprehensive ClamAV guide: visit > > > > http://wiki.clamav.net > > > > >>> http://www.clamav.net/support/ml > > > > >>> > > > > >> _______________________________________________ > > > > >> Help us build a comprehensive ClamAV guide: visit > > > > http://wiki.clamav.net > > > > >> http://www.clamav.net/support/ml > > > > > > > > > > _______________________________________________ > > > > > Help us build a comprehensive ClamAV guide: visit > > > http://wiki.clamav.net > > > > > http://www.clamav.net/support/ml > > > > > > > > _______________________________________________ > > > > Help us build a comprehensive ClamAV guide: visit > > http://wiki.clamav.net > > > > http://www.clamav.net/support/ml > > > > > > > _______________________________________________ > > > Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > > > http://www.clamav.net/support/ml > > > > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > http://www.clamav.net/support/ml > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
