Bugzilla – Bug 12374
--max-filesize switch does not work
Last modified: 2021-04-03 13:25:21 EDT
Hello, We are experiencing issues with clamscan where files are not excluded from the scan as per the help page. The system has 2GB of RAM and the file in question is a 1.3GB tarball. The following command was used to exclude the file from the scan: clamscan --verbose --recursive --suppress-ok-results --infected --max-filesize=50M -i /opt/backup/ Following is the result: Scanning /opt/backup/dataset.201903061551910133.tar.gz LibClamAV Warning: fmap: map allocation failed LibClamAV Error: CRITICAL: fmap() failed Scanning /opt/backup/dataset.201903071552002950.tar.gz LibClamAV Warning: fmap: map allocation failed LibClamAV Error: CRITICAL: fmap() failed Scanning /opt/backup/dataset.201903061551914391.tar.gz LibClamAV Warning: fmap: map allocation failed LibClamAV Error: CRITICAL: fmap() failed Scanning /opt/backup/dataset-db.201903061551914391.tar.gz LibClamAV Warning: fmap: map allocation failed LibClamAV Error: CRITICAL: fmap() failed Scanning /opt/backup/dataset-db.201903061551911068.tar.gz LibClamAV Warning: fmap: map allocation failed LibClamAV Error: CRITICAL: fmap() failed ----------- SCAN SUMMARY ----------- Known viruses: 6280331 Engine version: 0.100.3 Scanned directories: 1 Scanned files: 0 Infected files: 0 Total errors: 5 Data scanned: 47.00 MB Data read: 3735.89 MB (ratio 0.01:1) Time: 39.410 sec (0 m 39 s) Below is the output from clamconf -n Checking configuration files in /etc/clamav Config file: clamd.conf ----------------------- PreludeAnalyzerName = "ClamAV" LogFile = "/var/log/clamav/clamav.log" LogFileMaxSize = "4294967295" LogTime = "yes" LogRotate = "yes" ExtendedDetectionInfo = "yes" LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" MaxConnectionQueueLength = "15" MaxThreads = "12" ReadTimeout = "180" SendBufTimeout = "200" SelfCheck = "3600" User = "clamav" BytecodeTimeout = "60000" PCREMatchLimit = "10000" ScanOnAccess disabled Config file: freshclam.conf --------------------------- LogFileMaxSize = "4294967295" LogTime = "yes" LogRotate = "yes" UpdateLogFile = "/var/log/clamav/freshclam.log" Checks = "24" DatabaseMirror = "db.local.clamav.net", "database.clamav.net" MaxAttempts = "5" clamav-milter.conf not found Software settings ----------------- Version: 0.100.3 Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT Database information -------------------- Database directory: /var/lib/clamav bytecode.cld: version 330, sigs: 94, built on Wed Jul 17 06:11:08 2019 daily.cld: version 25542, sigs: 1718198, built on Thu Aug 15 01:25:56 2019 main.cvd: version 58, sigs: 4566249, built on Wed Jun 7 14:38:10 2017 Total number of signatures: 6284541 Platform information -------------------- uname: Linux 4.4.0-1085-aws #96-Ubuntu SMP Tue Jun 11 09:08:32 UTC 2019 x86_64 OS: linux-gnu, ARCH: x86_64, CPU: x86_64 Full OS version: Ubuntu 16.04.6 LTS zlib version: 1.2.8 (1.2.8), compile flags: a9 Triple: x86_64-pc-linux-gnu CPU: x86-64, Little-endian platform id: 0x0a215d5d0805040001050400 Build information ----------------- GNU C: 5.4.0 20160609 (5.4.0) GNU C++: 5.4.0 20160609 (5.4.0) CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2 CFLAGS: -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 CXXFLAGS: -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 LDFLAGS: -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libexecdir=/usr/lib/clamav' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '-with-system-llvm=/usr/lib/llvm-3.6/bin/llvm-config' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' sizeof(void*) = 8 Engine flevel: 93, dconf: 93 uname -mrsp Linux 4.4.0-1085-aws x86_64 x86_64 libc version ldd (Ubuntu GLIBC 2.23-0ubuntu11) 2.23 Copyright (C) 2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper.
Hoping someone could provide some insights on this issue.
Hi Ray, Thanks for reporting the issue. We haven't had a chance to investigate yet, but we'll try to take a look sooner rather than later. Micah
Same issue; originally reported at https://bugzilla.redhat.com/show_bug.cgi?id=1897909 Description of problem: clamscan is not respecting --max-filesize or MaxFileSize limit Version-Release number of selected component (if applicable): clamav-0.103.0-1.fc32 How reproducible: 100% Steps to Reproduce: [user@localhost ~]$ fallocate --length 5G bigfile; [user@localhost ~]$ clamscan --max-filesize=1M --max-scansize=1M 'bigfile'; LibClamAV Error: CRITICAL: fmap() failed /home/user/bigfile: Can't allocate memory ERROR ----------- SCAN SUMMARY ----------- Known viruses: 8937614 Engine version: 0.103.0 Scanned directories: 0 Scanned files: 0 Infected files: 0 Total errors: 1 Data scanned: 0.00 MB Data read: 5120.00 MB (ratio 0.00:1) Time: 16.448 sec (0 m 16 s) Start Date: 2020:11:15 09:24:57 End Date: 2020:11:15 09:25:14 [user@localhost ~]$ echo $?; 2 Actual results: files larger than the limit aren't being skipped, resulting in error messages Expected results: files larger than the limit should be skipped Additional info: this is especially problematic for me because my nightly malware scan is returning errors every night since this package was updated -- the prior version (0.102.4) also appears to spend time looking at the file in spite of --max-filesize, but in that version errors aren't being generated ... [user@localhost ~]$ fallocate --length 5G bigfile; [user@localhost ~]$ clamscan --max-filesize=1M --max-scansize=1M 'bigfile'; /home/user/bigfile: OK ----------- SCAN SUMMARY ----------- Known viruses: 8940784 Engine version: 0.102.4 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 5120.00 MB (ratio 0.00:1) Time: 16.255 sec (0 m 16 s) [user@localhost ~]$ echo $?; 0
Hello! I believe I've resolrved this issue in the dev/0.104 development branch: https://github.com/Cisco-Talos/clamav-devel/commit/861153a656bcb5266952630f0a2aaed228883404 Thank you for your patience. -Micah
Marking this as a duplicate of ticket 12673 because it is resolved by the same patch. *** This bug has been marked as a duplicate of bug 12673 ***