This one time, at band camp, Jeroen van Wolffelaar said: > On Wed, Nov 16, 2005 at 11:46:56PM +0000, Stephen Gran wrote: > > This one time, at band camp, Michael Gilbert said: > > > is it possible to ignore greater compression ratios for larger > > > archives? Larger archives are validly more compressible than smaller > > > archives because the more bits you have, the more potential there is > > > for duplication and hence compression. > > > > At the moment, no. I am also not sure it would be the right thing to do > > - see below. > > I think the major problem here is that this specific test is a heuristic. > I've lost mail due to this (BZip.ExceededFileSize, actually), and because > clamav is often used as a mail scanner (in drop-if-infected mode, even, > like on *.debian.org now), I think the default behaviour really shouldn't > be to hit on a heuristic test like this, rather, only if expressly > configured to do so. I believe, and a lot of people's use of clamav makes > the need for it, that clamav by default should only report positive matches > on malware, and not employ heuristics which are known to have a non-trivial > amount of false positives. I'd even like to ask you to consider making such > a change for a Sarge point release, as this is such a common use-case, and > can cause data-loss (though not directly *due* to clamav, so not dataloss > in the BTS sense, but I hope you understand what I'm going at). > > Ideally, there would be two levels of reporting, a positive match and a > 'maybe-match', so that you can serve both type of uses: automatic and those > that only inform a user, but that's beyond the scope of this bugreport.
Found in man 5 clamd.conf:
ArchiveBlockMax
Mark archives as viruses (e.g RAR.ExceededFileSize,
Zip.ExceededFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize,
or ArchiveMaxRecursion limit is reached.
Default: disabled
It was enabled as the default in the Debian packages when the new
option was introduced (but only for upgrade from a version before it was
introduced), but removing or commetning the option should be respected
across upgrade. If it is not, please file a bug report about that.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : [EMAIL PROTECTED] |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
signature.asc
Description: Digital signature
