On 2018-12-03 at 09:58 -0800, Dennis Peterson wrote:
> If it is a big concern you can use the split command to create
> "splits" of the suspect file. Split accepts various size arguments
> (bytes, lines...) and will create as many files as it takes to split
> the entire large file. These can be scanned individually and discarded
> when done. There is a risk of a split happening in the middle of a
> section that might match a signature, but that is small. A workaround
> is to split a file, scan it, delete the splits, then split it a second
> time using a different split size and repeat the scan.

> This is obviously tedious and works best on static files. There's
> always a way if you don't mind the effort. It is easily scriptable.
> 
> dp


Splitting a file will probably make chunks other than the first
appear as random bytes, rather than having the correct filetype, so
some signatures will not be applied.
(The first chunk will _probably_ be detected properly; still, splitting
can make it miss what would be found in the full-size file, e.g. splitting
a zip file will lose its central directory...)

Signatures are generally more complex than looking for a certain
substring...

Best regards

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
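
Added example, not part of either message and not ClamAV code: a Python illustration of both points in the thread, run on a constructed in-memory zip. MARKER is a made-up byte string standing in for a pattern (not a real signature), and all function names are illustrative.

```python
import io
import zipfile

LOCAL_MAGIC = b"PK\x03\x04"          # local file header: what a zip starts with
EOCD_MAGIC = b"PK\x05\x06"           # end-of-central-directory: what a zip ends with
MARKER = b"CONSTRUCTED-TEST-MARKER"  # made-up byte pattern, not a real signature
STAMP = (2018, 12, 3, 9, 58, 0)      # fixed timestamp so the bytes are reproducible


def build_sample_zip() -> bytes:
    """Build a small constructed archive in memory; one stored member holds MARKER."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("readme.txt", STAMP), b"A" * 300)
        zf.writestr(zipfile.ZipInfo("payload.bin", STAMP),
                    b"B" * 200 + MARKER + b"C" * 200)
    return buf.getvalue()


def split_bytes(data: bytes, size: int) -> list[bytes]:
    """Same result as `split -b SIZE`: fixed-size pieces, the last one shorter."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def inspect(chunks: list[bytes]) -> list[dict]:
    """Per chunk: does it still look like a zip, and is MARKER intact in it?"""
    return [{"starts_with_local_header": c.startswith(LOCAL_MAGIC),
             "has_eocd": EOCD_MAGIC in c,
             "has_marker": MARKER in c} for c in chunks]


def size_cutting_marker(data: bytes) -> int:
    """A split size whose first boundary lands in the middle of MARKER."""
    return data.index(MARKER) + len(MARKER) // 2


if __name__ == "__main__":
    data = build_sample_zip()
    first = size_cutting_marker(data)
    runs = {"whole file": [data],
            f"split -b {first}": split_bytes(data, first),
            f"split -b {first + len(MARKER)}": split_bytes(data, first + len(MARKER))}
    for label, chunks in runs.items():
        print(label)
        for n, row in enumerate(inspect(chunks)):
            print(f"  chunk {n}: {row}")
```

The second split size brings the marker back into one chunk, but in neither split does any chunk have both the leading header and the end-of-central-directory record that the whole file has.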

