clamscan results - file exceeds limits warning

Using the scanvirus - clamscan engine -. These ‘warnings’ are printed unchanged.

Do I need to scan this file by change the clamscan line? To what value? 1 tb?

149812LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes

https://askubuntu.com/questions/601346/what-should-i-do-next-with-infected-files-and-errors

Review the man page for clamscan. There is a setting for “–max-filesize=#n”. This set the max search size of an extraction from an archived (zip or similar) file. The default limit is 25mb. This limit can be increased on the commandline to 4 gb.

What was seen and described above is the message resuling from the scan of an archive file that was larger than the default. This can be made larger as previously described.

**

**

nice -n "$CS_Priority" clamscan -r "$CopyVirus" --follow-dir-symlinks=0 --follow-file-symlinks=0 --cross-fs=no --max-filesize=0 --max-scansize=0 "$Mount_Point" | Scan_Results_Filter 1

This is the typical the new line format. I’m now getting these results.

4439LibClamAV Warning: PNG: Unexpected early end-of-file.
LibClamAV Warning: PNG: Unexpected early end-of-file.
LibClamAV Warning: PNG: Unexpected early end-of-file.
LibClamAV Warning: PNG: Unexpected early end-of-file.
LibClamAV Warning: PNG: Unexpected early end-of-file.
LibClamAV Warning: PNG: Unexpected early end-of-file.

I don’t have any experience with this software. However, it is a known “trick” that it is possible to create a small compressed file that expands to something so big that it causes problems. It has been used in denial of service attacks. My guess is that the size checking in clamscan is intended as a protection against this kind of attack.

Sounds reasonable. I just upped the limit to the max size of 4gb. Unless you have a reason that clamscan max should be lowered, I’ll just leave it set at that value.

Thanks for the tip (and to anyone else).