Hi there,
On Fri, 8 Nov 2019, Arnaud Jacques wrote:
> ...Brent wrote:
> > https://www.bamsoftware.com/hacks/zipbomb/
> > Here you can see I scanned the zip file, that's made available from the
> > above site. As you can see, clamav (in conjunction with Sanesecurity),
> > the file passed.
> > vagrant@stretch:~/src$ clamscan zbsm.zip
> > zbsm.zip: OK
> No need for 3rd party signatures, official ClamAV seems to work fine with
> these files:
> clamscan --alert-exceeds-max=yes --max-recursion=5 --max-ziptypercg=5M
> /var/tmp/tmp/zblg.zip: Heuristics.Limits.Exceeded FOUND
> /var/tmp/tmp/zbsm.zip: Heuristics.Limits.Exceeded FOUND
> /var/tmp/tmp/zbxl.zip: Heuristics.Limits.Exceeded FOUND
It seems that there might be room for improvement in Brent's client's
ClamAV configuration, perhaps we should be trying to understand why it
is in this state. It should be a deliberate choice to disable a test
for excessive resource usage, not an accident.
--
73,
Ged.
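
An added example, not part of the original message and not ClamAV's own code: one way to check whether a clamd configuration has the limit alerting discussed above switched on. It assumes `AlertExceedsMax`, `MaxRecursion` and `MaxZipTypeRcg` are the clamd.conf counterparts of the clamscan flags in the thread and treats a value of 0 as "limit disabled" (check the man page for your version); the function names and both sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit a clamd.conf-style file for the limit options that
# correspond to the clamscan flags quoted in this thread.

sample_conf() {
    # Constructed sample configs, not taken from any real host.
    case "$1" in
        weak)     printf '%s\n' '# AlertExceedsMax yes' 'MaxRecursion 0' 'MaxZipTypeRcg 1M' ;;
        hardened) printf '%s\n' 'AlertExceedsMax yes' 'MaxRecursion 5' 'MaxZipTypeRcg 5M' ;;
    esac
}

audit_clamd_limits() {
    # Reads the file(s) given as arguments, or stdin when none are given.
    # Prints one OK/WARN line per option; returns 1 if any WARN was printed.
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        { val[$1] = $2 }                   # repeated option: last one seen wins (script choice)
        END {
            bad = 0
            a = tolower(val["AlertExceedsMax"])
            if (a == "yes" || a == "true" || a == "1") {
                print "OK AlertExceedsMax enabled"
            } else {
                print "WARN AlertExceedsMax not enabled: limit overruns will not raise Heuristics.Limits.Exceeded"
                bad = 1
            }
            n = split("MaxRecursion MaxZipTypeRcg", opt, " ")
            for (i = 1; i <= n; i++) {
                v = val[opt[i]]
                if (v == "") {
                    print "OK " opt[i] " unset (built-in default applies)"
                } else if (tolower(v) ~ /^0+[km]?$/) {
                    print "WARN " opt[i] " is 0 (treated here as limit disabled)"
                    bad = 1
                } else {
                    print "OK " opt[i] " = " v
                }
            }
            exit bad
        }
    ' "$@"
}

# Demo on the constructed weak sample; "|| true" keeps the script going after a WARN.
sample_conf weak | audit_clamd_limits || true
```

Against a real installation, pass the path of the active configuration file as the argument instead of piping in a sample.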