[Declude.JunkMail] CLAMAV Command Line Parameters

[Goran Jovanovic]

Hi Scott,   I am trying to understand what the --max-ratio 0 command will do. It must be referring to the compression ratio but what does 0 mean? The default of 250 would mean that it would not decompress a 300 KB file that was compressed to a 1 KB file since that would be a 300:1 compression ratio. Does zero mean infinite or does it mean no compression?   Just confused.   Thanks   Goran Jovanovic Omega Network Solutions     Goran Jovanovic Omega Network Solutions   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Thursday, April 27, 2006 10:43 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] CLAMAV & SANE Phishing   Here's some clam-av command line changes that I use:   I add the --max-ratio 0 to the command line. I have had numerous heavily compressed zip files "caught" by clam-av. Mostly these are large .txt files that have been zipped up. clamscan notes:        --max-ratio=#n               Set maximum archive compression ratio limit.  This  option  pro-protects               tects your system against DoS attacks (default: 250). I also add a --max-space 1M to the command line. This will decompress only the first 1M of each archive. My clam-av has choked on large archives before, so cutting the scan time was a goal. Plus I don't know of any viruses that routinely propogate in 1M+ zip files.   clamscan notes:        --max-space=#n               Extract first #n kilobytes from each archive. You may  give  the               number  in  megabytes  in  format xM or xm, where x is a number.               This option protects your system against DoS  attacks  (default:               10 MB)