This one time, at band camp, Michael Gilbert said:
i believe that heuristic is an accurate description. the word
heuristic is defined as something that is based on speculation. the
speculation here is that a highly compressed file within an achive is
always malicious.
Well, the definition
will the boolean defaults be false for the heuristics?
Mike
This one time, at band camp, Michael Gilbert said:
will the boolean defaults be false for the heuristics?
In what I have seen, the options will be given the same defaults, but it
makes it easier to turn them off this way, at least.
Calling this test a heuristic is, also, not strictly speaking
i believe that heuristic is an accurate description. the word
heuristic is defined as something that is based on speculation. the
speculation here is that a highly compressed file within an achive is
always malicious.
What is upstream's take on this matter? At a minimum, I think that
there needs to be a non-default flag (--enable-heuristics) that would
enable any and all heuristical scans.
This one time, at band camp, Michael Gilbert said:
What is upstream's take on this matter? At a minimum, I think that
there needs to be a non-default flag (--enable-heuristics) that would
enable any and all heuristical scans.
I have not had a response back from them about this issue. On the
This one time, at band camp, Michael Gilbert said:
Please run clamscan with --debug, as I asked earlier. If you can't
interpret the results, send them on and I'll help. To repeat, you are
tripping the _builtin_default_ for one of the many limits in libclamav.
They are there for a good
Please run clamscan with --debug, as I asked earlier. If you can't
interpret the results, send them on and I'll help. To repeat, you are
tripping the _builtin_default_ for one of the many limits in libclamav.
They are there for a good reason, but they can all be overidden. If you
send me
This one time, at band camp, Michael Gilbert said:
Found in man 5 clamd.conf:
ArchiveBlockMax
Mark archives as viruses (e.g RAR.ExceededFileSize,
Zip.ExceededFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize,
or ArchiveMaxRecursion limit is reached.
On 11/23/05, Stephen Gran [EMAIL PROTECTED] wrote:
clamscan does not read clamd.conf. If you are getting Oversized.Zip
with clamscan, you'll need to use the appropriate switch to clamscan.
Run it once with --debug, and you'll see what the compression rati, the
file size, etc are. Adjust
This one time, at band camp, Michael Gilbert said:
On 11/23/05, Stephen Gran [EMAIL PROTECTED] wrote:
clamscan does not read clamd.conf. If you are getting Oversized.Zip
with clamscan, you'll need to use the appropriate switch to clamscan.
Run it once with --debug, and you'll see what
On Wed, Nov 16, 2005 at 11:46:56PM +, Stephen Gran wrote:
This one time, at band camp, Michael Gilbert said:
is it possible to ignore greater compression ratios for larger
archives? Larger archives are validly more compressible than smaller
archives because the more bits you have, the
This one time, at band camp, Jeroen van Wolffelaar said:
On Wed, Nov 16, 2005 at 11:46:56PM +, Stephen Gran wrote:
This one time, at band camp, Michael Gilbert said:
is it possible to ignore greater compression ratios for larger
archives? Larger archives are validly more compressible
On Tue, Nov 22, 2005 at 04:39:43PM +, Stephen Gran wrote:
Found in man 5 clamd.conf:
ArchiveBlockMax
Mark archives as viruses (e.g RAR.ExceededFileSize,
Zip.ExceededFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize,
or ArchiveMaxRecursion limit is reached.
Found in man 5 clamd.conf:
ArchiveBlockMax
Mark archives as viruses (e.g RAR.ExceededFileSize,
Zip.ExceededFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize,
or ArchiveMaxRecursion limit is reached.
Default: disabled
It was enabled as the default in
is it possible to ignore greater compression ratios for larger
archives? Larger archives are validly more compressible than smaller
archives because the more bits you have, the more potential there is
for duplication and hence compression.
is the compression ratio simply computed by dividing the
This one time, at band camp, Michael Gilbert said:
is it possible to ignore greater compression ratios for larger
archives? Larger archives are validly more compressible than smaller
archives because the more bits you have, the more potential there is
for duplication and hence compression.
This one time, at band camp, Michael Gilbert said:
clamav seems to think that large zip files should be considered as
infected. oversized seems to be somewhere between 227 and 303 MB. my
lastest scan told me that 3 of my doom 3 game data files are infected.
but the two smaller (on the
Package: clamav
Version: 0.87-1
Severity: normal
clamav seems to think that large zip files should be considered as
infected. oversized seems to be somewhere between 227 and 303 MB. my
lastest scan told me that 3 of my doom 3 game data files are infected.
but the two smaller (on the order
19 matches
Mail list logo
