Making more progress - using --scan-mail=yes and --max-scansize=3000M the mbox file is being "seen", but, as I discovered, and someone posted on a page somewhere, there is a discrepency between "Data scanned" and "Data read". Data Scanned shows about 0. Data Read shows a more appropriate large value (multi megabyte).
I then tried to play with --max-filesize= 0, or 1, or 3000M, and now get "fmap - map allocation failed" for the mbox file. Thus, it appears to "see" the mbox file, but, based on the Data scanned field above, there is no strong evidence to claim it is being properly scanned. I also tried --tempdir=/path/to/lot-of-space and that didn't seem to do any good. Again, clamscan 0.97.7. Ideas are welcome. Switches from successful test results also welcome. Thanks. Scott On Wed, Apr 10, 2013 at 8:01 PM, A K Varnell <alvarn...@mac.com> wrote: > > On Apr 10, 2013, at 4:59 PM, A K Varnell <alvarn...@mac.com> wrote: > > > On Apr 10, 2013, at 4:41 PM, Scott Ehrlich <sc...@ehrlichtronics.com> > wrote: > > > >> You may be correct, though recalling my command-line options, including > >> verbose mode, the mbox file is very large, yet the scan took just a few > >> seconds. > > > > Then you'll need to change: > > > > --max-filesize=#n > > Extract and scan at most #n kilobytes from each archive. > You may > > pass the value in megabytes in format xM or xm, where x > is a > > number. This option protects your system against DoS > attacks > > (default: 25 MB, max: <4 GB) > > Sorry, wrong reference: > > --max-scansize=#n > Extract and scan at most #n kilobytes from each scanned > file. > You may pass the value in megabytes in format xM or xm, > where x > is a number. This option protects your system against > DoS > attacks (default: 100 MB, max: <4 GB) > > -Al- > > >> ... > >> Scott > >> > >> > >> On Wed, Apr 10, 2013 at 5:41 PM, Steven Morgan <smor...@sourcefire.com > >wrote: > >> > >>> Scott, > >>> > >>> Looking at the code, I think the option is 'scan-mail'. It defaults as > yes, > >>> so you shouldn't need to do anything special, just clamscan > /path/to/mbox/. > >>> > >>> Let us know if that is not working. > >>> > >>> Steve > >>> > >>> On Wed, Apr 10, 2013 at 4:46 PM, Scott Ehrlich < > sc...@ehrlichtronics.com > >>>> wrote: > >>> > >>>> I just compiled clamav 0.97.7 on SANS SIFT Linux. > >>>> > >>>> Reviewing the README file and google, it appears that clamscan should > be > >>>> able to review/scan mbox files, but any attempt at using --mbox, such > as > >>>> clamscan --mbox or clamscan -d /tmp/virdir --mbox /path/to/mboxfile, > >>>> reports an error with the --mbox switch. > >>>> > >>>> I reviewed the configuration file, and there was nothing for mbox > >>> support. > >>>> > >>>> Am I missing something? > >>>> > >>>> Thanks. > >>>> > >>>> Scott > >>>> _______________________________________________ > >>>> Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > >>>> http://www.clamav.net/support/ml > >>>> > >>> _______________________________________________ > >>> Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > >>> http://www.clamav.net/support/ml > >>> > >> _______________________________________________ > >> Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > >> http://www.clamav.net/support/ml > > > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > http://www.clamav.net/support/ml > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml