I agree with you. I suspect the majority of cases today is when people have a
large archive of files to scan.
I think best case scenario for people with a need to scan files larger than the
present internal 2GB limit is that archives larger than 2GB are decompressed
and then the files inside are scanned, but without actually scanning the very
large outer archive.
The way to do this as things work today is to script something around clamscan
or clamdscan that if the file is too large, handle some assorted file types:
1. if file is a tar.gz, un-tar.gz it and then scan the files within.
2. if file is a zip, un-zip it and then scan the files within.
3. etc.
I think everyone would like if clamav could do this automatically for select
archive types. And I think the advantage would be that we would perhaps keep
the extracted files in memory, or else at least delete the temp files as we go
without extracting all of it to disk before starting to scan.
However, it would be far easier to make a shell script or a python script that
wraps clamscan/clamdscan and uses native tools like "tar", "unzip", etc.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Andrew
C Aitchison via clamav-users <clamav-users@lists.clamav.net>
Sent: Wednesday, May 24, 2023 1:34 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Andrew C Aitchison <cla...@aitchison.me.uk>
Subject: Re: [clamav-users] Question About MaxFileSize
On Wed, 24 May 2023, Tachibanaki Nozomi (橘木 希美) wrote:
> Dear Sir or Madam,
>
> Thank you for your help always.
> I am contacting you to ask about MaxFileSize in clamd.conf.
>
> The following description is found in the configuration of
> /usr/local/etc/clamd.conf.
>
> MaxFileSize
> # Technical design limitations prevent ClamAV from scanning files greater than
> # 2 GB at this time.
>
> Is there any plan or possibility to change the technical design
> limitation that prevents scanning files larger than 2 GB in the
> future?
I believe that the intention is to remove this limit at some point.
I wonder whether the technical limitations are less severe for
archive formats such as tar and zip.
Could "small" files inside "large" archives be scanned
without the work necessary for full "large" file support ?
Apart from vulnerabilities caused by 2GB and 4GB limits themselves,
I think scanning inside large archives might solve many of the
reasons for scanning large files.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
