According to --debug, when it hit the mbox file, for clamscan, I got: libclamav: cli_updatelimits: filesize exceeded (allowed: abc, needed: xyz)
How to fix this? Thanks. Scott On Thu, Apr 11, 2013 at 9:59 AM, Shawn Webb <[email protected]> wrote: > Interesting. Can you send me the log file from clamscan or clamd (whichever > you're using to scan the file)? I'll take a look at it ASAP. If you could, > please add --debug and --verbose to the scan. > > > On Thu, Apr 11, 2013 at 9:50 AM, Scott Ehrlich <[email protected] > >wrote: > > > I'm getting these results with a 1.5 GB file (thus, less than 2 GB). > > > > What is the best way to scan it? > > > > Thanks. > > > > Scott > > > > On Thu, Apr 11, 2013 at 9:42 AM, Shawn Webb <[email protected]> > wrote: > > > > > Hey Scott, > > > > > > The bug is that ClamAV 0.97 doesn't support scanning large files under > > > Linux. Files greater than 2GB in size need to be handled specially > under > > > Linux. We've added large file support to 0.98. You will need to upgrade > > to > > > 0.98. We don't have a firm release date for 0.98. > > > > > > Thanks, > > > > > > Shawn > > > > > > > > > On Thu, Apr 11, 2013 at 9:34 AM, Scott Ehrlich < > [email protected] > > > >wrote: > > > > > > > What is the current status of large-size mbox file scanning, then? > > Does > > > it > > > > work, or do I need to wait for 0.98 for successful scanning? > > > > > > > > If I need to wait, approximately when do you think? > > > > > > > > If it _does_ work now, what are the needed switches/options to make > it > > > > work? > > > > > > > > Thanks. > > > > > > > > Scott > > > > > > > > On Thu, Apr 11, 2013 at 9:32 AM, Shawn Webb <[email protected]> > > > wrote: > > > > > > > > > Hey Scott, > > > > > > > > > > This is a known bug in ClamAV 0.97. We've addressed and fixed it in > > > 0.98. > > > > > Development is ongoing on 0.98 and there isn't a firm release date, > > > yet. > > > > > > > > > > Thanks, > > > > > > > > > > Shawn > > > > > > > > > > > > > > > On Thu, Apr 11, 2013 at 9:13 AM, Scott Ehrlich < > > > [email protected] > > > > > >wrote: > > > > > > > > > > > Making more progress - > > > > > > > > > > > > using --scan-mail=yes and --max-scansize=3000M the mbox file is > > being > > > > > > "seen", but, as I discovered, and someone posted on a page > > somewhere, > > > > > there > > > > > > is a discrepency between "Data scanned" and "Data read". Data > > > Scanned > > > > > > shows about 0. Data Read shows a more appropriate large value > > (multi > > > > > > megabyte). > > > > > > > > > > > > I then tried to play with --max-filesize= 0, or 1, or 3000M, and > > now > > > > get > > > > > > "fmap - map allocation failed" for the mbox file. > > > > > > > > > > > > Thus, it appears to "see" the mbox file, but, based on the Data > > > scanned > > > > > > field above, there is no strong evidence to claim it is being > > > properly > > > > > > scanned. > > > > > > > > > > > > I also tried --tempdir=/path/to/lot-of-space and that didn't seem > > to > > > do > > > > > any > > > > > > good. > > > > > > > > > > > > Again, clamscan 0.97.7. > > > > > > > > > > > > Ideas are welcome. Switches from successful test results also > > > welcome. > > > > > > > > > > > > Thanks. > > > > > > > > > > > > Scott > > > > > > > > > > > > > > > > > > On Wed, Apr 10, 2013 at 8:01 PM, A K Varnell <[email protected]> > > > > wrote: > > > > > > > > > > > > > > > > > > > > On Apr 10, 2013, at 4:59 PM, A K Varnell <[email protected]> > > > wrote: > > > > > > > > > > > > > > > On Apr 10, 2013, at 4:41 PM, Scott Ehrlich < > > > > [email protected] > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > >> You may be correct, though recalling my command-line > options, > > > > > > including > > > > > > > >> verbose mode, the mbox file is very large, yet the scan took > > > just > > > > a > > > > > > few > > > > > > > >> seconds. > > > > > > > > > > > > > > > > Then you'll need to change: > > > > > > > > > > > > > > > > --max-filesize=#n > > > > > > > > Extract and scan at most #n kilobytes from each > > > > archive. > > > > > > > You may > > > > > > > > pass the value in megabytes in format xM or xm, > > > where > > > > > x > > > > > > > is a > > > > > > > > number. This option protects your system > > against > > > > DoS > > > > > > > attacks > > > > > > > > (default: 25 MB, max: <4 GB) > > > > > > > > > > > > > > Sorry, wrong reference: > > > > > > > > > > > > > > --max-scansize=#n > > > > > > > Extract and scan at most #n kilobytes from each > > > > scanned > > > > > > > file. > > > > > > > You may pass the value in megabytes in format xM > > or > > > > xm, > > > > > > > where x > > > > > > > is a number. This option protects your > system > > > > > against > > > > > > > DoS > > > > > > > attacks (default: 100 MB, max: <4 GB) > > > > > > > > > > > > > > -Al- > > > > > > > > > > > > > > >> ... > > > > > > > >> Scott > > > > > > > >> > > > > > > > >> > > > > > > > >> On Wed, Apr 10, 2013 at 5:41 PM, Steven Morgan < > > > > > > [email protected] > > > > > > > >wrote: > > > > > > > >> > > > > > > > >>> Scott, > > > > > > > >>> > > > > > > > >>> Looking at the code, I think the option is 'scan-mail'. It > > > > defaults > > > > > > as > > > > > > > yes, > > > > > > > >>> so you shouldn't need to do anything special, just clamscan > > > > > > > /path/to/mbox/. > > > > > > > >>> > > > > > > > >>> Let us know if that is not working. > > > > > > > >>> > > > > > > > >>> Steve > > > > > > > >>> > > > > > > > >>> On Wed, Apr 10, 2013 at 4:46 PM, Scott Ehrlich < > > > > > > > [email protected] > > > > > > > >>>> wrote: > > > > > > > >>> > > > > > > > >>>> I just compiled clamav 0.97.7 on SANS SIFT Linux. > > > > > > > >>>> > > > > > > > >>>> Reviewing the README file and google, it appears that > > clamscan > > > > > > should > > > > > > > be > > > > > > > >>>> able to review/scan mbox files, but any attempt at using > > > --mbox, > > > > > > such > > > > > > > as > > > > > > > >>>> clamscan --mbox or clamscan -d /tmp/virdir --mbox > > > > > /path/to/mboxfile, > > > > > > > >>>> reports an error with the --mbox switch. > > > > > > > >>>> > > > > > > > >>>> I reviewed the configuration file, and there was nothing > for > > > > mbox > > > > > > > >>> support. > > > > > > > >>>> > > > > > > > >>>> Am I missing something? > > > > > > > >>>> > > > > > > > >>>> Thanks. > > > > > > > >>>> > > > > > > > >>>> Scott > > > > > > > >>>> _______________________________________________ > > > > > > > >>>> Help us build a comprehensive ClamAV guide: visit > > > > > > > http://wiki.clamav.net > > > > > > > >>>> http://www.clamav.net/support/ml > > > > > > > >>>> > > > > > > > >>> _______________________________________________ > > > > > > > >>> Help us build a comprehensive ClamAV guide: visit > > > > > > > http://wiki.clamav.net > > > > > > > >>> http://www.clamav.net/support/ml > > > > > > > >>> > > > > > > > >> _______________________________________________ > > > > > > > >> Help us build a comprehensive ClamAV guide: visit > > > > > > > http://wiki.clamav.net > > > > > > > >> http://www.clamav.net/support/ml > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > Help us build a comprehensive ClamAV guide: visit > > > > > > http://wiki.clamav.net > > > > > > > > http://www.clamav.net/support/ml > > > > > > > > > > > > > > _______________________________________________ > > > > > > > Help us build a comprehensive ClamAV guide: visit > > > > > http://wiki.clamav.net > > > > > > > http://www.clamav.net/support/ml > > > > > > > > > > > > > _______________________________________________ > > > > > > Help us build a comprehensive ClamAV guide: visit > > > > http://wiki.clamav.net > > > > > > http://www.clamav.net/support/ml > > > > > > > > > > > _______________________________________________ > > > > > Help us build a comprehensive ClamAV guide: visit > > > http://wiki.clamav.net > > > > > http://www.clamav.net/support/ml > > > > > > > > > _______________________________________________ > > > > Help us build a comprehensive ClamAV guide: visit > > http://wiki.clamav.net > > > > http://www.clamav.net/support/ml > > > > > > > _______________________________________________ > > > Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > > > http://www.clamav.net/support/ml > > > > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > http://www.clamav.net/support/ml > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
