Bugzilla – Bug 11967
Messages about a file exceeding scan size limits
Last modified: 2022-04-11 21:34:53 EDT
I want an easy way for a customer to see a message flash on the screen that the file they attempted to scan is too large and they need to add the --maxscansize limits. *tested on ubuntu64bit* Right now, it is pretty misleading: IF I run: clamscan --debug /opt/wsusscn2.cab The output below, shows that a file WAS scanned: (but it wasn't). But no data was scanned in that file. ----------- SCAN SUMMARY ----------- Known viruses: 6354080 Engine version: 0.99.3-beta2 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 208.33 MB (ratio 0.00:1) Time: 10.308 sec (0 m 10 s) clamscan --debug /opt/wsusscn2.cab if I add the --maxsizelimit clamscan --max-scansize=218451232111122 --max-filesize=2184512321111122 --debug /opt/wsusscn2.cab ----------- SCAN SUMMARY ----------- Known viruses: 6354080 Engine version: 0.99.3-beta2 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 327.86 MB Data read: 208.33 MB (ratio 1.57:1) Time: 46.380 sec (0 m 46 s) You can see that it actually populates the data scanned section.
There is an 0.99.3 feature addressing this issue. Try --block-max. It should flag files that are too big with an heuristic.
When did we add that feature? I couldn't find any documentation on it, it's not in clamscan --help or anything.
(In reply to Tom from comment #2) > When did we add that feature? I couldn't find any documentation on it, it's > not in clamscan --help or anything. --block-max[=yes/no(*)] Flag files with "Heuristics.Limits.Exceeded" when scanning is incomplete due to exceeding a scan or file size limit.
(In reply to Steven Morgan from comment #3) > (In reply to Tom from comment #2) > > When did we add that feature? I couldn't find any documentation on it, it's > > not in clamscan --help or anything. > > --block-max[=yes/no(*)] > Flag files with "Heuristics.Limits.Exceeded" when scanning > is incomplete due to > exceeding a scan or file size limit. That is from man clamscan, I'll add to help also.
I already updated the help for 0.100 to fix the missing documentation portion of this request. As for messages when a file is "OK" but actually exceeded scan size limits (when --block-max isn't being used) -- the correct way to do this would be to print something in the summary. However, it will take more work than just printing something out to the debug log at the time it occurs. It probably couldn't hurt to do both (debug log + a detail in the summary). In any case, because I'd like to do it the right way -- I'm going to keep this ticket open and make it a feature request to be addressed later.
No plan to make any additional changes. Closing stale ticket.