Ged, When did clamav start scanning iso files? I just tried this and found a eicar.txt file, so yes it does work.
For email, I always just blocked iso extensions. Still doesn’t like MacOS cdr extensions, but a great improvement. Sincerely, Eric Tykwinski > On Jan 14, 2022, at 6:21 PM, G.W. Haywood via clamav-users > <[email protected]> wrote: > > Hi there, > > On Fri, 14 Jan 2022, Kris Deugau wrote: > >> I've just come across a presumed-malicious .zip file of about 500K that >> contains a ~315M ISO image, which in turn appears to contain a ~315M >> executable file. >> >> After a bit of searching and testing I see the --max-ratio option has been >> removed from clamscan, and ArchiveMaxCompressionRatio in clamd.conf has been >> deprecated. >> >> Are there any remaining (or new?) options that might help flag >> hypercompressed files like this? > > If you're using clamd, perhaps try the AlertExceedsMax option together > with the MaxScanSize and/or MaxFileSize options. No it's not the same. :/ > > Did this arrive in mail, Kris? > > -- > > 73, > Ged. > > _______________________________________________ > > clamav-users mailing list > [email protected] > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
