I agree with you. I suspect the majority of cases today is when people have a large archive of files to scan.
I think best case scenario for people with a need to scan files larger than the present internal 2GB limit is that archives larger than 2GB are decompressed and then the files inside are scanned, but without actually scanning the very large outer archive. The way to do this as things work today is to script something around clamscan or clamdscan that if the file is too large, handle some assorted file types: 1. if file is a tar.gz, un-tar.gz it and then scan the files within. 2. if file is a zip, un-zip it and then scan the files within. 3. etc. I think everyone would like if clamav could do this automatically for select archive types. And I think the advantage would be that we would perhaps keep the extracted files in memory, or else at least delete the temp files as we go without extracting all of it to disk before starting to scan. However, it would be far easier to make a shell script or a python script that wraps clamscan/clamdscan and uses native tools like "tar", "unzip", etc. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. ________________________________ From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Andrew C Aitchison via clamav-users <clamav-users@lists.clamav.net> Sent: Wednesday, May 24, 2023 1:34 AM To: ClamAV users ML <clamav-users@lists.clamav.net> Cc: Andrew C Aitchison <cla...@aitchison.me.uk> Subject: Re: [clamav-users] Question About MaxFileSize On Wed, 24 May 2023, Tachibanaki Nozomi (橘木 希美) wrote: > Dear Sir or Madam, > > Thank you for your help always. > I am contacting you to ask about MaxFileSize in clamd.conf. > > The following description is found in the configuration of > /usr/local/etc/clamd.conf. > > MaxFileSize > # Technical design limitations prevent ClamAV from scanning files greater than > # 2 GB at this time. > > Is there any plan or possibility to change the technical design > limitation that prevents scanning files larger than 2 GB in the > future? I believe that the intention is to remove this limit at some point. I wonder whether the technical limitations are less severe for archive formats such as tar and zip. Could "small" files inside "large" archives be scanned without the work necessary for full "large" file support ? Apart from vulnerabilities caused by 2GB and 4GB limits themselves, I think scanning inside large archives might solve many of the reasons for scanning large files. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat