Bug 11967 – Messages about a file exceeding scan size limits

Bug 11967 - Messages about a file exceeding scan size limits


Summary:	Messages about a file exceeding scan size limits

Status:	RESOLVED WONTFIX

Product:	ClamAV
Classification:	ClamAV
Component:	clamscan
Version:	0.99.3-beta1
Hardware:	x86_64 GNU/Linux

Importance:	P3 normal
Target Milestone:	feature_request
Assigned To:	Micah Snyder

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-11-30 13:55 EST by Tom
Modified:	2022-04-11 21:34 EDT (History)
CC List:	3 users (show)

See Also:
QA Contact:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tom 2017-11-30 13:55:49 EST

I want an easy way for a customer to see a message flash on the screen that the file they attempted to scan is too large and they need to add the --maxscansize limits. 

*tested on ubuntu64bit*

Right now, it is pretty misleading:
IF I run:
clamscan --debug /opt/wsusscn2.cab 

The output below, shows that a file WAS scanned: (but it wasn't). But no data was scanned in that file. 

----------- SCAN SUMMARY -----------
Known viruses: 6354080
Engine version: 0.99.3-beta2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 208.33 MB (ratio 0.00:1)
Time: 10.308 sec (0 m 10 s)
clamscan --debug /opt/wsusscn2.cab 


if I add the --maxsizelimit
clamscan --max-scansize=218451232111122 --max-filesize=2184512321111122 --debug /opt/wsusscn2.cab



----------- SCAN SUMMARY -----------
Known viruses: 6354080
Engine version: 0.99.3-beta2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 327.86 MB
Data read: 208.33 MB (ratio 1.57:1)
Time: 46.380 sec (0 m 46 s)




You can see that it actually populates the data scanned section.

Comment 1 Steven Morgan 2017-11-30 16:08:00 EST

There is an 0.99.3 feature addressing this issue. Try --block-max. It should flag files that are too big with an heuristic.

Comment 2 Tom 2017-11-30 16:24:08 EST

When did we add that feature? I couldn't find any documentation on it, it's not in clamscan --help or anything.

Comment 3 Steven Morgan 2017-11-30 16:26:20 EST

(In reply to Tom from comment #2)
> When did we add that feature? I couldn't find any documentation on it, it's
> not in clamscan --help or anything.

       --block-max[=yes/no(*)]
              Flag  files  with  "Heuristics.Limits.Exceeded" when scanning is incomplete due to
              exceeding a scan or file size limit.

Comment 4 Steven Morgan 2017-11-30 16:28:32 EST

(In reply to Steven Morgan from comment #3)
> (In reply to Tom from comment #2)
> > When did we add that feature? I couldn't find any documentation on it, it's
> > not in clamscan --help or anything.
> 
>        --block-max[=yes/no(*)]
>               Flag  files  with  "Heuristics.Limits.Exceeded" when scanning
> is incomplete due to
>               exceeding a scan or file size limit.

That is from man clamscan, I'll add to help also.

Comment 5 Micah Snyder 2018-02-15 16:11:54 EST

I already updated the help for 0.100 to fix the missing documentation portion of this request.  

As for messages when a file is "OK" but actually exceeded scan size limits (when --block-max isn't being used) -- the correct way to do this would be to print something in the summary.  However, it will take more work than just printing something out to the debug log at the time it occurs.  It probably couldn't hurt to do both (debug log + a detail in the summary).  

In any case, because I'd like to do it the right way -- I'm going to keep this ticket open and make it a feature request to be addressed later.

Comment 7 Micah Snyder 2022-04-11 21:34:53 EDT

No plan to make any additional changes. Closing stale ticket.