LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Mandriva (https://www.linuxquestions.org/questions/mandriva-30/)
-   -   Klamav - virus found - Zip.ExceededFilesLimit (https://www.linuxquestions.org/questions/mandriva-30/klamav-virus-found-zip-exceededfileslimit-400394/)

rrsc16954 01-06-2006 06:41 PM
Klamav - virus found - Zip.ExceededFilesLimit
 
I have the new Members' December edition and just ran the Klamav anti-virus for the first time and it found 4 instances of 'Zip.ExceededFilesLimit'.

I have googled for it and get conflicting results... some suggestions it it just the virus samples in the program others seem to suggest it could be more serious.

For example see: http://www.gossamer-threads.com/list...av/users/20667

I have searched here and couldn't find any mention. Does anybody know whether it is a problem in mandriva? And at this time do I need av in linux?

Lakota 01-08-2006 12:47 PM
here is an explanation I found on another forum,

(e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) if max-files, max-space, or max-recursion is reached.

it doesn't mean there's a virus it meas that clamav has a limit of how many files or how many levels to check in a archive and that limit has been reached.

Link to quote above, check the moderators comment in this thread:
http://www.mepislovers.org/modules/n...11149&start=10

Lakota 01-08-2006 12:57 PM
The above explanation does hold water. If you open the options button on Klamav, you will see at the top, the max limits are user configurable, and the "mark as virus if limits exeeded", or "mark as virus if encripted" is an option the user can define.

I ran into this same scenario in Windows. Scanned a file that I had on a backup disk with AVG, AVG said had a virus. I know for a fact it did not. It was a text file I created, encrypted and compressed. It is just a failsafe false positive type thing.

rrsc16954 01-10-2006 06:28 PM
Thank you for your responses.

The four directories 'found' had large numbers of compressed sub-directories probably containing more of the same eg two of them were mozilla installation folders.

Thanks again for your time.

rjw1678 01-11-2006 08:42 AM
I changed the klamavrc file (that I found by searching the home directory of the user that I was running klam-av from). The changes I made were :

MBsToExtract=99M
NoFilesToExtract=99999
RecursionLevel=25

This took care of the problem for me.

Later
Bob

rrsc16954 01-11-2006 08:08 PM
Thanks Bob

I'll look closely at that. I don't think I need to worry about the files I found, though. One of the names I have seen re-assuring us (somewhere in my google) is that of the guy (which I can't remember now) who seems to find all the potential security breaches in Mandriva. When I am downloading security updates I seem to see his name on 99%.

After waiting a day or so for a response here, I asked for assurance from Mandriva club security forum and got the same story there.

It's just a sensible precaution in case a virus is hidden inside a compressed file, although it would seem to me reasonable to give a more precise warning rather than a statement that you have a virus.

Richard

Lakota 01-13-2006 02:30 AM
Hey, new toy to stress us out! Grisoft released a new product a few hours ago, avg free for linux. This one is for the home user. They even have a mandriva rpm to download, denoted by the "mdk" in file name.
http://free.grisoft.com/doc/20/lng/us/tpl/v5

rrsc16954 01-16-2006 06:53 PM
Lakota - very interesting, thanks! I'm trying to install the required libraries at the moment.


All times are GMT -5. The time now is 07:31 AM.