Hi there, On Tue, 21 Dec 2021, Hart, Steven A. via clamav-users wrote:
Looks like I got it. I was unfamiliar with how to search through the ClamAV users archives but now I found a previous post suggesting to up the max-filesize and max-scansize. Doing that worked for me. It's just odd that a tarball that is extremely small, still needs these parameters set to work. Thanks for the help! Problem appears to be resolved for me. ...
I was in the middle of replying when your post came in. :) Yes, the default limits are a bit conservative. It's mainly about preventing denial of service, which with something that can scan an entire filesystem recursively for ten million different threats is pretty easy to accomplish. You might find that some of the logging helps, you can increase the verbosity. Also I saw you were using the clamscan '-i' switch, which silences some output for clean files but sometimes that output can be useful.
... ----------- SCAN SUMMARY ----------- Known viruses: 8584449 Engine version: 0.103.4 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 333.34 MB (ratio 0.00:1) Time: 10.408 sec (0 m 10 s) ...
According to the report you seem to have read quite a lot of data but not scanned very much so that's a clue. But be warned that the 'Data scanned' and 'Data read' values are by (compiled in) default limited to (I think) 4kbyte blocks so they can be a bit misleading. Sometimes I've patched the source to increase the granularity but there might be a performance implication. As always, be aware that just because ClamAV doesn't find anything it doesn't necessarily mean that there's nothing there to be found. -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
