Re: [Clamav-users] False positive with Oversized.zip

Francis Stevens Mon, 25 Oct 2004 02:16:01 -0700

If only I'd waited a bit longer... I now find the answer to my own question in the FAQ (should have looked first... a case of engaging the maillist before the brain... sorry). I post the correct answer here in case anyone else is a stupid as me!!

#
I get many false positives of Oversized.zip
Whenever a file exceeds ArchiveMaxCompressionRatio (see clamd.conf man page), it's considered a logic bomb and marked as Oversized.zip . Try increasing your ArchiveMaxCompressionRatio setting.

Francis Stevens wrote:

Since I upgraded to 0.80 I am seeing many false positives for the Oversized.zip virus, I have posted samples at the ClamAV website but in the mean time is there a way of removing the signatures for this virus from my copy of the database?
FAS
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] False positive with Oversized.zip

Reply via email to