On 11/23/05, Stephen Gran <[EMAIL PROTECTED]> wrote: > clamscan does not read clamd.conf. If you are getting Oversized.Zip > with clamscan, you'll need to use the appropriate switch to clamscan. > Run it once with --debug, and you'll see what the compression rati, the > file size, etc are. Adjust your command line arguments accordingly.
ok, i guess that the problem boils down to the fact that regardless of whether or not I specfy the '--block-max' flag, the archives are detected as infected. without flag: $ clamscan pak000.pk4 pak000.pk4: Oversized.Zip FOUND ----------- SCAN SUMMARY ----------- Known viruses: 41273 Engine version: 0.87.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 13.48 MB Time: 4.369 sec (0 m 4 s) with flag: $ clamscan --block-max pak000.pk4 pak000.pk4: Zip.ExceededFileSize FOUND ----------- SCAN SUMMARY ----------- Known viruses: 41273 Engine version: 0.87.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 1.36 MB Time: 1.949 sec (0 m 1 s) however, notice that the first scan detects an 'oversize.zip' whereas the second scan detects a 'zip.exceededfilesize' infection. this indicates to me that the 'oversize.zip' scan is not related to the 'block-max' setting. hope this helps clarify the situation. thanks for your help trying to resolve this issue. Mike Gilbert
