On 04.04.2020 00:17, Kris Deugau wrote:
Arjen de Korte via clamav-users wrote:
Citeren Paul Kosinski via clamav-users <clamav-users@lists.clamav.net>:
However, applying clamscan to this file (which was slightly renamed by
my download script to be more readable) results in the following
output:
clamscan --alert-exceeds-max=yes --max-scantime=999
--max-scansize=4090M --max-filesize=4090M --max-files=30000
--max-recursion=30 --pcre-match-limit=999999999
--pcre-max-filesize=999999999 firefox-68.6.1-esr-64.tar.bz2
Before writing this whole rant, you have not considered checking
which of the options might have triggered this? You've reduced the
--max-scantime from the default 120 seconds to under 1 second and
still wonder why this breaks? Really?
That option seems to be missing from the man page entirely:
$ dpkg -l clamav
ii clamav 0.102.1+dfsg-0+deb10u2 amd64 [...]
$ zgrep scantime /usr/share/man/man1/clamscan.1.gz
$
and does not specify units in the --help text:
$ clamscan --help
[...]
--max-scantime=#n Scan time longer than this
will be skipped and assumed clean
[...]
Absent any documentation, I would reasonably assume this to be in
seconds, not milliseconds.
I have no idea if you're wrong about this being the cause, but without
diving into the source, Paul's use of that option looks entirely
reasonable to me.
-kgd
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
It is indeed a rather obscure option and missing from man pages.
Good luck,
Reio
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
