Hi there,
On Fri, 14 Jan 2022, Kris Deugau wrote:
> I've just come across a presumed-malicious .zip file of about 500K that
> contains a ~315M ISO image, which in turn appears to contain a ~315M
> executable file.
>
> After a bit of searching and testing I see the --max-ratio option has been
> removed from clamscan, and ArchiveMaxCompressionRatio in clamd.conf has been
> deprecated.
>
> Are there any remaining (or new?) options that might help flag
> hypercompressed files like this?

If you're using clamd, perhaps try the AlertExceedsMax option together
with the MaxScanSize and/or MaxFileSize options. No, it's not the same. :/
Did this arrive in mail, Kris?
--
73,
Ged.
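
An added example, not part of the original message and not ClamAV code: a pre-scan triage check that flags hypercompressed ZIP members from the sizes recorded in the archive, without unpacking anything. The function names, the 250:1 ratio and the 100 MiB cap are assumptions chosen for illustration, and the sample archive is constructed in memory.

```python
import io
import os
import zipfile

MAX_RATIO = 250                    # assumed threshold, tune for your mail flow
MAX_UNPACKED = 100 * 1024 * 1024   # assumed per-member cap in bytes


def hypercompressed_members(data, max_ratio=MAX_RATIO, max_unpacked=MAX_UNPACKED):
    """Return (name, packed, unpacked, ratio) for suspicious members.

    Sizes are read from the ZIP central directory, so nothing is unpacked.
    The sender controls those fields: treat a hit as a triage signal and
    keep the scanner's own size limits in place.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            packed = max(info.compress_size, 1)   # avoid division by zero
            ratio = info.file_size / packed
            if ratio > max_ratio or info.file_size > max_unpacked:
                hits.append((info.filename, info.compress_size,
                             info.file_size, round(ratio)))
    return hits


def build_sample():
    """Constructed sample: one highly compressible member, one ordinary one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("image.iso", b"\0" * (8 * 1024 * 1024))  # zeros, not a real ISO
        zf.writestr("readme.txt", os.urandom(4096))           # incompressible data
    return buf.getvalue()


if __name__ == "__main__":
    for name, packed, unpacked, ratio in hypercompressed_members(build_sample()):
        print(f"{name}: {packed} -> {unpacked} bytes ({ratio}:1)")
```

This only looks at the outer archive; a nested container such as the ISO described above still needs the scanner's own limits when it is unpacked.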
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users