Obviously "must try harder" as they used to say at school.
FAS
Francis Stevens wrote:
I don't feel so stupid now... I've set ArchiveMaxCompressionRatio to 0 to disable the limit and I still get the "Oversized.zip FOUND" message with clamscan and clamdscan. With clamscan I can use --max-ratio=0 and everything is OK but I'm actually using amavisd-new so this isn't an option. Anyone know whay ArchiveMaxCompressionRatio doesn't work and what I can do about it?
FAS
Francis Stevens wrote:
If only I'd waited a bit longer... I now find the answer to my own question in the FAQ (should have looked first... a case of engaging the maillist before the brain... sorry). I post the correct answer here in case anyone else is a stupid as me!!
#
I get many false positives of Oversized.zip
Whenever a file exceeds ArchiveMaxCompressionRatio (see clamd.conf man page), it's considered a logic bomb and marked as Oversized.zip . Try increasing your ArchiveMaxCompressionRatio setting.
Francis Stevens wrote:
Since I upgraded to 0.80 I am seeing many false positives for the Oversized.zip virus, I have posted samples at the ClamAV website but in the mean time is there a way of removing the signatures for this virus from my copy of the database?
FAS _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
