Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I want to scan larger files with "clamscan". I don´t know how big a file can be in order to be scanned.
Anyway I´ve learned that I cannot scan let´s say a 60MB-file directly.
−−max−filesize=#n: Extract and scan at most #n bytes from each archive
.
So this probably means that I have to pack my .mp3-file into an archive before being able to scan it.
I tested that by packing three .mp3-files (radio plays) into an archive and then scanning it:
Well, my question is: Do I always have to pack larger files before being able to scan them? Is there really no direct way of doing this?
And what´s the limit in MB?
Despite the wording of the man entry regarding "archive", did you try the --max-filesize / --max-scansize options on the file itself without putting it into an archive?
They can be changed there. Pay close attention to the preceding comments about each of them.
Or they can be overridden at the command line, but I think the man page reference is a bit misleading, the comments in clamd.conf for MaxFileSize don't also imply the file has to be an archive:
Code:
# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
So you should be able to use the command line override without first "packing" them...but maybe not
What values for the CLI overrides did you use when you followed hydrurga's suggestion? Please show us the command as executed as well as the result.
Edit: clamd.conf has no effect on clamscan. My Bad. man clamscan show the defaults and maximums for each option:
Code:
--max-filesize=#n
Extract and scan at most #n bytes from each archive. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number. This option protects your system
against DoS attacks (default: 25 MB, max: <4 GB)
--max-scansize=#n
Extract and scan at most #n bytes from each archive. The size the archive plus the sum of the sizes of all files within archive count toward the scan size. For example, a 1M uncompressed archive
containing a single 1M inner file counts as 2M toward max-scansize. You may pass the value in kilobytes in format xK or xk, or megabytes in format xM or xm, where x is a number. This option pro-
tects your system against DoS attacks (default: 100 MB, max: <4 GB)
It looks as if clamscan is reading the mp3 fine, but has decided not to scan it, perhaps because it or mp3's in general are excluded or on a whitelist.
A quick web search provides a couple of hints that mp3s may not be scanned by clamscan, but I can't find anything conclusive yet.
It looks as if clamscan is reading the mp3 fine, but has decided not to scan it, perhaps because it or mp3's in general are excluded or on a whitelist.
A quick web search provides a couple of hints that mp3s may not be scanned by clamscan, but I can't find anything conclusive yet.
Me either, except for a couple of references that mp3 files are non-executable. I agree, not conclusive. File types can be excluded on the command line, but the OP isn't doing that.
O.K., at least for now there seems nothing can be done to scan the respective file directly.
At first I thought that it was due to its larger size. But the mp3-nature could also be the reason. I have to admit I haven´t thought of that possibility.
Well at least the workaround of packing it first works.
By the way, a tar.bz2-file can be scanned and a zip-file as well.
So, it appears, in this case anyway, although it may well also be the general case, that clamscan doesn't check mp3's and that, although the man page refers to "archives", --max-filesize and/or --max-scansize don't apply only to archives.
FLV files contain compressed data - that's perhaps the reason that more data was scanned than was read, although I have no idea to be honest. It is interesting though.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.