On Wed, Nov 16, 2005 at 11:46:56PM +0000, Stephen Gran wrote: > This one time, at band camp, Michael Gilbert said: > > is it possible to ignore greater compression ratios for larger > > archives? Larger archives are validly more compressible than smaller > > archives because the more bits you have, the more potential there is > > for duplication and hence compression. > > At the moment, no. I am also not sure it would be the right thing to do > - see below.
I think the major problem here is that this specific test is a heuristic. I've lost mail due to this (BZip.ExceededFileSize, actually), and because clamav is often used as a mail scanner (in drop-if-infected mode, even, like on *.debian.org now), I think the default behaviour really shouldn't be to hit on a heuristic test like this, rather, only if expressly configured to do so. I believe, and a lot of people's use of clamav makes the need for it, that clamav by default should only report positive matches on malware, and not employ heuristics which are known to have a non-trivial amount of false positives. I'd even like to ask you to consider making such a change for a Sarge point release, as this is such a common use-case, and can cause data-loss (though not directly *due* to clamav, so not dataloss in the BTS sense, but I hope you understand what I'm going at). Ideally, there would be two levels of reporting, a positive match and a 'maybe-match', so that you can serve both type of uses: automatic and those that only inform a user, but that's beyond the scope of this bugreport. Thank you very much for considering this issue, --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] http://jeroen.A-Eskwadraat.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
