> Please run clamscan with --debug, as I asked earlier. If you can't
> interpret the results, send them on and I'll help. To repeat, you are
> tripping the _builtin_default_ for one of the many limits in libclamav.
> They are there for a good reason, but they can all be overridden. If you
> send me the debug output, I can help you find settings that work for
> your scenario.

using '--debug', it looks like there is an all black image (uncompressed 768 kB, compressed 809 B, ratio 902) in the archive that is (validly) triggering the 'oversized.zip' flag (default ratio 250). i tried the scan again with '--max-ratio=0' to bypass the ratio detection routine, which did not detect anything wrong with the archive as i expect.

i think that the '--max-ratio' and '--max-dir-recursion' checks should not be enabled by default. they should be enabled with the '--block-max' flag as is the current case with the '--max-space', '--max-recursion', and '--max-files' options. all of these options seem very related, and hence should function similarly (only checked when the user sets the '--block-max' flag). let me know if this sounds reasonable.

this may be what you are trying to do in the code (i think --block-max option corresponds to the limits variable); however, the conditional statement on line 452 in libclamav/scanners.c seems to be executed whether or not --block-max is set on the command line.

anyway, let me know if you need any more details.

regards,
Mike Gilbert
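
An added illustration of the ratio limit discussed in this message (not part of the original post and not libclamav's code): it lists the per-member compression ratio of a zip so the member that trips a limit can be identified. The default of 250 and "0 disables the check" come from the message; the function names, the constructed sample archive and the integer-division comparison are assumptions.

```python
import io
import zipfile

DEFAULT_MAX_RATIO = 250  # default ratio quoted in the message above


def build_sample_archive():
    """Constructed sample: 768 KiB of zero bytes (stand-in for an
    all-black uncompressed image) plus a small text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("black.bmp", bytes(768 * 1024))
        zf.writestr("readme.txt", "release notes, nothing unusual\n")
    return buf.getvalue()


def member_ratios(archive_bytes):
    """Return (name, uncompressed, compressed, ratio) for each file member.
    Sizes are the values declared in the archive's own headers."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.compress_size == 0:
                continue  # nothing to divide by
            ratio = info.file_size // info.compress_size
            rows.append((info.filename, info.file_size,
                         info.compress_size, ratio))
    return rows


def over_ratio(archive_bytes, max_ratio=DEFAULT_MAX_RATIO):
    """Names of members at or above max_ratio; max_ratio=0 disables the check."""
    if max_ratio == 0:
        return []
    return [name for name, _, _, ratio in member_ratios(archive_bytes)
            if ratio >= max_ratio]


if __name__ == "__main__":
    sample = build_sample_archive()
    for name, size, csize, ratio in member_ratios(sample):
        print(f"{name}: {size} B -> {csize} B, ratio {ratio}")
    print("over default limit:", over_ratio(sample))
    print("limit disabled    :", over_ratio(sample, max_ratio=0))
```

Uniform data such as a single-colour bitmap compresses far beyond 250:1 without being malicious, which is the situation the message describes.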