[Mimedefang] passing args to clamav through md?
    David F. Skoll 
    dfs at roaringpenguin.com
       
    Mon Sep  9 13:56:01 EDT 2002
    
    
  
Hi,
I was wrong; clamscan does support opening tar.gz archives, etc.
However, I will still not officially support it in MIMEDefang because
a very simple-minded DoS is to tar up 8 GB of zeros, gzip it to a few
hundred kilobytes, and...
It looks like clamscan uses the normal "tar" for untarring files, rather than
a safe version which halts if the expansion ratio is absurdly large.
The automatic inspection of archives is fraught with danger; if you really
want to do it, modify mimedefang.pl.
Regards,
David.
Roaring Penguin Software Inc. | http://www.roaringpenguin.com
GPG fingerprint: C523 771C 3710 0F54 B2D2 4B0D C6EF 6991 34AB 95BA
GPG public key:  http://www.roaringpenguin.com/dskoll-key-2002.txt ID: 34AB95BA
    
    
More information about the MIMEDefang
mailing list