Quoting aCaB <aca...@digitalfuture.it>:
Is this necessary? (Tools such as unzip are able to decompress the file
without loading the entire file into memory).
Not necessary but it makes the code much simpler in the default case
scenario as, with the default settings, the allocated memory is way
below CLI_MAX_ALLOCATION.
I agree that the implicit relation between the alloc size and the
max-(scan|file)size setting could be better documented.
Is this implicit relation only for zip files or also for other
compression/archive formats? (I tested bzip2 and gzip and there the
RSS does not increase - or at least not that much)
But frankly I don't see a point in refactoring the code to handle
insanely large values of max-XXXsize in a way that is memory efficient.
After all we're targeting malware which is on avg 2-300 KB in size.
Just to make sure: what part of the code would need refactoring? I
*assume* it's (only) the decompression code and not the rest of the
code since the extraction code creates a temp file (which, I assume,
is later mmap'ed)
Best regards,
Bram
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
