On Mon, Apr 18, 2005 at 02:39:02PM -0500, René Berber said: > Tomasz Kojm wrote: > > On Mon, 18 Apr 2005 14:10:35 -0500 > > René Berber <[EMAIL PROTECTED]> wrote: > > > > > >>does not enable detecting them. Why? because you have to uncomment > >>DisableDefaultScanOptions to enable or disable the other options; even > >>if you have DetectBrokenExecutables uncommented the default value of > >>disabled is in effect... > > > > > > This is wrong. > > >From version 0.83 clamd.conf man page: > > DisableDefaultScanOptions > By default clamd uses scan options recommended by lib- > clamav. This option disables recommended options and > allows you to enable selected options. DO NOT ENABLE IT > unless you know what you are doing. > Default: disabled
There is a set of options, DefaultScanOptions, that includes a subset of the total options. All options in the set DefaultScanOptions are enabled by default. The only way to disable them in the 0.8x series is to use the option DisableDefaultScanOptions. The problem is that in the 0.8x series, the options are not boolean (there is no on/off or yes/no argument to most options). So the question arises, how do you disable something that is enabled by default? Commenting it out won't work, since then the library will use the default. The only way currently is with DisableDefaultScanOptions. > ScanPE PE stands for Portable Executable - it's an executable > file format used in all 32-bit versions of Windows oper- > ating systems. This option allows ClamAV to perform a > deeper analysis of executable files and it's also > required for decompression of popular executable packers > such as UPX. > Default: enabled > > DetectBrokenExecutables > With this option clamd will try to detect broken exe- > cutables and mark them as Broken.Executable. > Default: disabled > > What is wrong? To enable detecting broken executables you have to change two > options in the clamd.conf file (not only one as shown in the posted options), > one is uncommenting DisableDefaultScanOptions, the second is uncommenting > DetectBrokenExecutables. This option is by default disabled, and is not part of the set DefaultScanOptions. If you see Default: enabled, it is a member of the set. Does that make it more clear? -- -------------------------------------------------------------------------- | Stephen Gran | Feel disillusioned? I've got some | | [EMAIL PROTECTED] | great new illusions, right here! | | http://www.lobefin.net/~steve | | --------------------------------------------------------------------------
pgpoCQuady9WN.pgp
Description: PGP signature
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
