Re: [clamav-users] Inquiry about ClamAV's clamdscan scan timeout

Fri, 26 Aug 2022 13:32:16 -0700 

Hi Nozomi Tachibanaki,

You may add this option to your clamd.conf​ to enable alerts when the scan 
limits are exceeded: AlertExceedsMax yes​

It should cause signature alerts like these when one of the limits causes the 
scan to end early:
    - Heuristics.Limits.Exceeded.MaxFileSize​ FOUND
    - Heuristics.Limits.Exceeded.MaxScanSize​​ FOUND
    - Heuristics.Limits.Exceeded.MaxFiles​​ FOUND
    - Heuristics.Limits.Exceeded.MaxRecursion​​ FOUND
    - Heuristics.Limits.Exceeded.MaxScanTime​​ FOUND

If you do enable this, just keep in mind that when these alerts happen that it 
does not mean there is anything wrong with the file, just that the scan was 
incomplete because it exceeded one of the scan limits.

These heuristic alerts should work most of the time, although I am actively 
working on improvements to error handling and alert reporting as I work on 
overhauling the allmatch-mode feature (for reporting more than one signature 
alert). I am hopeful that my current work will make these scan limit alerts 
even more reliable in the future.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of 
Tachibanaki Nozomi (橘木 希美) <nozomi.tachiban...@jp.ricoh.com>
Sent: Tuesday, August 23, 2022 10:23 PM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Hino Shogo (日野 翔豪) <shogo.h...@jp.ricoh.com>; Sugawara Masatomo (菅原 正大) 
<masatomo.sugaw...@jp.ricoh.com>
Subject: [clamav-users] Inquiry about ClamAV's clamdscan scan timeout


Dear Sir or Madam,



I am Tachibanaki from Ricoh IT Solutions Co., Ltd..

Thank you for your recent response to my inquiry.



The purpose of this email is to inquire about ClamAV's clamdscan scan timeout.



  1.  Is there any way to check when a scan timeout occurs? (e.g., display a 
message, etc.)
  2.  I scanned a ZIP file(1.7GB) containing a test virus file with clamdscan 
and it exited successfully without detecting any virus. Is this a specification?

The scan.conf settings are as follows:

・ReadTimeout 120

・MaxScanTime 120000

・MaxScanSize 2048M

・MaxFileSize 2048M

・MaxZipTypeRcg 2048M



I look forward to hearing from you soon.

Yours sincerely,





Nozomi Tachibanaki







_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Reply via email to