I'm getting these results with a 1.5 GB file (thus, less than 2 GB). What is the best way to scan it?
Thanks. Scott On Thu, Apr 11, 2013 at 9:42 AM, Shawn Webb <[email protected]> wrote: > Hey Scott, > > The bug is that ClamAV 0.97 doesn't support scanning large files under > Linux. Files greater than 2GB in size need to be handled specially under > Linux. We've added large file support to 0.98. You will need to upgrade to > 0.98. We don't have a firm release date for 0.98. > > Thanks, > > Shawn > > > On Thu, Apr 11, 2013 at 9:34 AM, Scott Ehrlich <[email protected] > >wrote: > > > What is the current status of large-size mbox file scanning, then? Does > it > > work, or do I need to wait for 0.98 for successful scanning? > > > > If I need to wait, approximately when do you think? > > > > If it _does_ work now, what are the needed switches/options to make it > > work? > > > > Thanks. > > > > Scott > > > > On Thu, Apr 11, 2013 at 9:32 AM, Shawn Webb <[email protected]> > wrote: > > > > > Hey Scott, > > > > > > This is a known bug in ClamAV 0.97. We've addressed and fixed it in > 0.98. > > > Development is ongoing on 0.98 and there isn't a firm release date, > yet. > > > > > > Thanks, > > > > > > Shawn > > > > > > > > > On Thu, Apr 11, 2013 at 9:13 AM, Scott Ehrlich < > [email protected] > > > >wrote: > > > > > > > Making more progress - > > > > > > > > using --scan-mail=yes and --max-scansize=3000M the mbox file is being > > > > "seen", but, as I discovered, and someone posted on a page somewhere, > > > there > > > > is a discrepency between "Data scanned" and "Data read". Data > Scanned > > > > shows about 0. Data Read shows a more appropriate large value (multi > > > > megabyte). > > > > > > > > I then tried to play with --max-filesize= 0, or 1, or 3000M, and now > > get > > > > "fmap - map allocation failed" for the mbox file. > > > > > > > > Thus, it appears to "see" the mbox file, but, based on the Data > scanned > > > > field above, there is no strong evidence to claim it is being > properly > > > > scanned. > > > > > > > > I also tried --tempdir=/path/to/lot-of-space and that didn't seem to > do > > > any > > > > good. > > > > > > > > Again, clamscan 0.97.7. > > > > > > > > Ideas are welcome. Switches from successful test results also > welcome. > > > > > > > > Thanks. > > > > > > > > Scott > > > > > > > > > > > > On Wed, Apr 10, 2013 at 8:01 PM, A K Varnell <[email protected]> > > wrote: > > > > > > > > > > > > > > On Apr 10, 2013, at 4:59 PM, A K Varnell <[email protected]> > wrote: > > > > > > > > > > > On Apr 10, 2013, at 4:41 PM, Scott Ehrlich < > > [email protected] > > > > > > > > > wrote: > > > > > > > > > > > >> You may be correct, though recalling my command-line options, > > > > including > > > > > >> verbose mode, the mbox file is very large, yet the scan took > just > > a > > > > few > > > > > >> seconds. > > > > > > > > > > > > Then you'll need to change: > > > > > > > > > > > > --max-filesize=#n > > > > > > Extract and scan at most #n kilobytes from each > > archive. > > > > > You may > > > > > > pass the value in megabytes in format xM or xm, > where > > > x > > > > > is a > > > > > > number. This option protects your system against > > DoS > > > > > attacks > > > > > > (default: 25 MB, max: <4 GB) > > > > > > > > > > Sorry, wrong reference: > > > > > > > > > > --max-scansize=#n > > > > > Extract and scan at most #n kilobytes from each > > scanned > > > > > file. > > > > > You may pass the value in megabytes in format xM or > > xm, > > > > > where x > > > > > is a number. This option protects your system > > > against > > > > > DoS > > > > > attacks (default: 100 MB, max: <4 GB) > > > > > > > > > > -Al- > > > > > > > > > > >> ... > > > > > >> Scott > > > > > >> > > > > > >> > > > > > >> On Wed, Apr 10, 2013 at 5:41 PM, Steven Morgan < > > > > [email protected] > > > > > >wrote: > > > > > >> > > > > > >>> Scott, > > > > > >>> > > > > > >>> Looking at the code, I think the option is 'scan-mail'. It > > defaults > > > > as > > > > > yes, > > > > > >>> so you shouldn't need to do anything special, just clamscan > > > > > /path/to/mbox/. > > > > > >>> > > > > > >>> Let us know if that is not working. > > > > > >>> > > > > > >>> Steve > > > > > >>> > > > > > >>> On Wed, Apr 10, 2013 at 4:46 PM, Scott Ehrlich < > > > > > [email protected] > > > > > >>>> wrote: > > > > > >>> > > > > > >>>> I just compiled clamav 0.97.7 on SANS SIFT Linux. > > > > > >>>> > > > > > >>>> Reviewing the README file and google, it appears that clamscan > > > > should > > > > > be > > > > > >>>> able to review/scan mbox files, but any attempt at using > --mbox, > > > > such > > > > > as > > > > > >>>> clamscan --mbox or clamscan -d /tmp/virdir --mbox > > > /path/to/mboxfile, > > > > > >>>> reports an error with the --mbox switch. > > > > > >>>> > > > > > >>>> I reviewed the configuration file, and there was nothing for > > mbox > > > > > >>> support. > > > > > >>>> > > > > > >>>> Am I missing something? > > > > > >>>> > > > > > >>>> Thanks. > > > > > >>>> > > > > > >>>> Scott > > > > > >>>> _______________________________________________ > > > > > >>>> Help us build a comprehensive ClamAV guide: visit > > > > > http://wiki.clamav.net > > > > > >>>> http://www.clamav.net/support/ml > > > > > >>>> > > > > > >>> _______________________________________________ > > > > > >>> Help us build a comprehensive ClamAV guide: visit > > > > > http://wiki.clamav.net > > > > > >>> http://www.clamav.net/support/ml > > > > > >>> > > > > > >> _______________________________________________ > > > > > >> Help us build a comprehensive ClamAV guide: visit > > > > > http://wiki.clamav.net > > > > > >> http://www.clamav.net/support/ml > > > > > > > > > > > > _______________________________________________ > > > > > > Help us build a comprehensive ClamAV guide: visit > > > > http://wiki.clamav.net > > > > > > http://www.clamav.net/support/ml > > > > > > > > > > _______________________________________________ > > > > > Help us build a comprehensive ClamAV guide: visit > > > http://wiki.clamav.net > > > > > http://www.clamav.net/support/ml > > > > > > > > > _______________________________________________ > > > > Help us build a comprehensive ClamAV guide: visit > > http://wiki.clamav.net > > > > http://www.clamav.net/support/ml > > > > > > > _______________________________________________ > > > Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > > > http://www.clamav.net/support/ml > > > > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > http://www.clamav.net/support/ml > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
