Hi > Does it mean that "false positive" was already reported and > corrected, or that reviewer just misinterpreted my submission > as "virus submission"?
No. It means, that there is no virus inside, and clamav does not report a virus on your system. "Oversized.RAR" is NOT A VIRUS. Read the docs. Oversized.RAR is a way to tell you that this rar file is regarded as a mail bomb. Again, read the archives, you can define the treshhold for this detection in the config file. Usually this happens, if you compress huge uncompressed pictures (i.e. BMP) or really huge text files. > I've tested that same file with online ClamAV scanner and it > reported "clean". However, our local system still reports > "Oversized.RAR" and freshclam.log states: So the onlinescanner has a more relaxed setting for the treshhold. > What should I do? Repost "false positive"? Fix my > installation? Wait for updates? Something other? Fix your configuration, if you need to accept that file. However, since some files are simply compressable enough, there will always be some file, which will hit that treshhold, however high it may be, without being a real mailbomb. Anyway, disabling mailbomb detection is not a good idea, as it will allow someone to send you a file which immediately takes down your mail system. 16kb file which expand to about 120GB are not rare. [Even if no such file hit my live servers yet, I do have some of them on my system for testing.] Regards, Steffen
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
