Re: [clamav-users] Questions about ClamAV

My experience is that ClamAV is limited by to 4 GB for the size of a file. Apparently it still uses 32-bit numbers (as opposed to addresses) even on 64-bit machines. On Mon, 20 Nov 2017 18:42:22 -0800 Al Varnell wrote: > On Mon, Nov 20, 2017 at 03:48 PM, Micah Snyder

Re: [clamav-users] Questions about ClamAV

On Mon, Nov 20, 2017 at 03:48 PM, Micah Snyder (micasnyd) wrote: > 2. Does it have the ability to scan large files (2 GBs+)? > ClamAV currently has max file size limits around 2GB. I believe the default MaxFileSize is only 25MB, at least that's what it is for the clamd daemon. It can be

Re: [clamav-users] Questions about ClamAV

> On Nov 20, 2017, at 6:48 PM, Micah Snyder (micasnyd) > wrote: > > 3. Is it compatible with both Linux and Windows? > Yes, however certain features (e.g. on access scanning) are limited to Linux. I’ve found fswatch to overcome on-access scanning on OSX, and it supposed to

Re: [clamav-users] Questions about ClamAV

Hello, 1. Can it scan all files/data from a dirty S3 bucket, and place the files into a clean bucket? I don’t have experience working with S3 buckets. ClamAV works with files on a filesystem. ClamAV’s ability to move files during scanning is limited to moving dirty files, not moving clean

Re: [clamav-users] CVE fix status

I think some may be fixed already. I've opened ticket 11961 in the ClamAV bugzilla for followup and tracking. Steve On Mon, Nov 20, 2017 at 2:54 PM, Zetan Drableg wrote: > Hi, > Anyone know when these CVEs will be fixed? Does clamav provide a 0.99.2 > security fix

[clamav-users] CVE fix status

Hi, Anyone know when these CVEs will be fixed? Does clamav provide a 0.99.2 security fix branch or I need to consume 0.99.3 devel? Does EPEL backport fixes? CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote

[clamav-users] Questions about ClamAV

Hello, I have a few questions about ClamAV. 1. Can it scan all files/data from a dirty S3 bucket, and place the files into a clean bucket? 2. Does it have the ability to scan large files (2 GBs+)? 3. Is it compatible with both Linux and Windows? 4. Does it scale horizontally, adding more

Re: [clamav-users] Emf.Exploit.CVE_2017_16395-6376329-0

Interesting. All the allegedly affected emails I've checked have docx attachments, not Adobe or .PDF. It seems incorrect that a signature for Adobe and Reader would be triggering on docx files. For now, I'm not going to put this in .ign2, but I will exclude the Maildir scanning script from

Re: [clamav-users] Clamav capabilities detecting malicious scripts (javascript, sql injection)

Am 20.11.2017 um 16:01 schrieb Peter Geerts: As far as I understand : files that are uploaded to a website/CMS system are offered/delegated to clamav for checking. Can you elaborate on the sanesecurity link because I have been at their site but didn't find anything that could help me for this

Re: [clamav-users] Clamav capabilities detecting malicious scripts (javascript, sql injection)

As far as I understand : files that are uploaded to a website/CMS system are offered/delegated to clamav for checking. Can you elaborate on the sanesecurity link because I have been at their site but didn't find anything that could help me for this specific scenario. Thanks Peter 2017-11-20

Re: [clamav-users] Clamav capabilities detecting malicious scripts (javascript, sql injection)

Am 20.11.2017 um 15:48 schrieb Peter Geerts: Perhaps this has been raised earlier but as a newbie I have a question regarding Clamav capabilities in this area. We currently already run a 99.2 version on Red Hat which does a lot of virus checking already but malicious (script) code is not

[clamav-users] Clamav capabilities detecting malicious scripts (javascript, sql injection)

Hi All, Perhaps this has been raised earlier but as a newbie I have a question regarding Clamav capabilities in this area. We currently already run a 99.2 version on Red Hat which does a lot of virus checking already but malicious (script) code is not detected. If this is at all possible I