Per Jessen wrote:
The OP started by saying "there are ways to limit the level of archive that will be scanned as well as the size of the entities to be scanned", which are performance optimizing options one can use if desired. To which I commented that it's not about a message that can't be scanned, but whether your limits allow it to be scanned. Remove the limits, and everything is scanned (presumbly only limited by hardware resources).
Well of course there have to be limits somewhere, and I recall one issue is malevalent attachments designed specifically to crash extractors. A second issue I recall from the past is the sending of password protected archives - the scanner is unable to check it, but of course a user taken in by the message may well open it. So that's a separate consideration - whether to allow password protected archives or to reject them.
Nonetheless, it is actually an interesting question - should/does clamav return "not-scanned-due-to-user-restriction" in such cases?
I guess that's the key question, and is it possible to set the reported result to "reject" in that case ?
-- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml