On 2019-01-25 at 18:43 -0800, Dennis Peterson wrote:
> You can easily use the unix split command and cat to scan files of any size. Or
> use perl to break stream file segments to the stream. The first file in a split
> or segment contains the file time and will need to be concatenated to the
> beginning of each split or segment so clamav knows what it is. It doesn't matter
> if the file makes no sense just so long as no malware is found. You will need
> two split sizes in order to ensure a signature doesn't span splits which means
> at least two runs of each large file, but that is trivial when scripted. SSD
> drives would be useful.
> 
> dp

Sorry, but I think ClamAV is smarter than what you seem to think. While
this will allow clamav to still detect some signatures, your approach
will trivially fail for:
* Extended signatures that specify an offset (can create both False Positives and Negatives)
* Logical signatures using e.g. FileSize or NumberOfSections.
* Container signatures, as the container will be corrupted
* Hash signatures


Kind regards


PS: I assume you meant 'file mime', not 'file time'
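
The failure modes listed in the reply above, as an added example that is not part of the original message: a Python sketch that compares a whole-file scan with a scan of header-prefixed pieces, using simplified stand-ins for the signature kinds (not ClamAV's engine or signature syntax). The sample bytes, the marker, the chunk sizes and all function names are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample "file": 4-byte header, filler, an 8-byte marker, filler.
MARKER = b"TESTMARK"
SAMPLE = b"HDR!" + b"A" * 3000 + MARKER + b"B" * 2000
MARKER_OFFSET = SAMPLE.index(MARKER)  # 3004 in the whole file


def at_offset(d):
    """True only if the marker sits at its whole-file offset."""
    return d[MARKER_OFFSET:MARKER_OFFSET + len(MARKER)] == MARKER


def make_sigs(data):
    """Simplified models (assumptions) of the signature kinds in the reply."""
    whole = (hashlib.md5(data).hexdigest(), len(data))
    return {
        "floating body pattern": lambda d: MARKER in d,
        "pattern at fixed offset": at_offset,
        "pattern AND FileSize > 4096": lambda d: MARKER in d and len(d) > 4096,
        "hash (MD5 + size)": lambda d: (hashlib.md5(d).hexdigest(), len(d)) == whole,
    }


def split_with_header(data, chunk_size, header_len=4):
    """Split as the quoted message proposes: fixed-size pieces, with the
    start of the first piece prepended to every later piece."""
    header = data[:header_len]
    pieces = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    return [pieces[0]] + [header + p for p in pieces[1:]]


def compare(data, chunk_size):
    """Map each signature to (matches whole file, matches any piece)."""
    pieces = split_with_header(data, chunk_size)
    return {name: (check(data), any(check(p) for p in pieces))
            for name, check in make_sigs(data).items()}


if __name__ == "__main__":
    for size in (2048, 3008):  # 3008 cuts through the marker
        print(f"chunk size {size}:")
        for name, (whole, split) in compare(SAMPLE, size).items():
            print(f"  {name:28} whole={whole!s:5} any piece={split}")
```

With a 2048-byte split only the floating pattern still matches in a piece; with a 3008-byte split the marker spans two pieces and nothing matches, which is the case the second split size in the quoted message is meant to cover.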
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

