-
Notifications
You must be signed in to change notification settings - Fork 713
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MaxStreamSize does not seem to have an upper limit #1414
Comments
I have just seen the issue #1424, and the reply there indicates that using |
I am sorry your issue slipped past me 2 weeks ago. Note: it is If you use So regardless of whether or not you're using If you enable I haven't played around with |
No worries about the delay! Thanks for replying now!
Thanks, I am not sure how I got this wrong in the initial post, but this is indeed the setting I mean, and have been fiddling with.
This is very interesting. It is what I was expecting given my results, but it is good to have it confirmed, as the behaviour to return OK in this instance seems counterintuitive. I will have a play with
Completely agree with this! ClamAV appropriately errors if you set |
Describe the bug
It is a known limitation of ClamAV that files larger than 2GB cannot be scanned, as discussed in this issue.
I am implementing my own client for the ClamAV daemon, which does the reading of files itself and then uses the ClamAV
INSTREAM
command to scan the stream of the file.This works well, and of course, if I try to send a stream larger than the
MaxStreamSize
setting in theclamd.conf
, ClamAV logs an error and closes the connection as expected.However, if I set
MaxStreamSize
to something larger than "officially" supported by ClamAV e.g. 5GB, and then read + stream a file of (just under) this size to ClamAV, ClamAV seems to successfully scan the stream and return a result. There seems to be no limit to what I can setMaxStreamSize
to, and therefore no limit to the size of the stream I can use - as long as I have sufficient memory. This allows me to theoretically have no limit to the file size I can scan as long as I do the read myself.My understanding from reading the ClamAV docs and Github issues is that this should not be possible due to technical limitations of ClamAV. If this is true, can I therefore not trust the result of this scan? It feels like there should there be an upper limit on the
MaxStreamSize
setting, similar toMaxScanSize
andMaxFileSize
.Further, the man page for ClamAV implies this should be limited to 4GB as it states:
How to reproduce the problem
MaxStreamSize
to 5GBOK
status (assuming you did not use an Eicar)The text was updated successfully, but these errors were encountered: