HTTP Anti-Virus Proxy :: View topic

How do you mean it starts to grow? If you download smaller files than MAXSCANSIZE, it will be fully allocated and it stays the same size. If it does grow, either you have some config error or old buggy version.

If you download something over MAXSCANSIZE, then the file will grow as you download it.

What scanner are you using? It might decide it's not a virus and finish scanning immediately.

Author:	m33 [ 07 Jun 2006 19:13 ]
Post subject:	big files
Hi, big files seems to pass without scanning: When you download small files (1M, 2M...) you can see temp files in the mandatory locking directory growing then disapear when fully downloaded. When you download big files (650M (iso)), you can see a temp file in locking dir that disapear almos instantanly. It seems to be related to "dynamic scanning" (around line 688) section of proxyhandler.cpp. Dynamic scanning means there is no temp file and the content is scanned on the fly ? Bye, Mat.

Author:	hege [ 07 Jun 2006 20:27 ]
Post subject:
What is your MAXSCANSIZE? When you have downloaded this much, the tempfiles are deleted already. Cheers, Henrik

Author:	m33 [ 07 Jun 2006 22:43 ]
Post subject:
The size of the file I'm downloading is 717729792. My MAXSCANSIZE is 1717729792. --> I realize it's a wrong value... it is greater than MAXFILELOCKSIZE.... (but I also tried MAXSCANSIZE 0).

Author:	m33 [ 07 Jun 2006 23:25 ]
Post subject:
I'll try to give you a simple example of the issue, with smaller files that shouldn't exceed any MAX values: 9.7Mb iso file: http://mirrors.ircam.fr/pub/CentOS/4/os ... s/boot.iso a temp file is created, starts to grow and disapear quickly. a 12Mb img file: http://mirrors.ircam.fr/pub/CentOS/4/os ... skboot.img a temp file is created, grows up to 12Mb and disapear after scanning. Bye, Mat.

Author:	hege [ 08 Jun 2006 00:01 ]
Post subject:
How do you mean it starts to grow? If you download smaller files than MAXSCANSIZE, it will be fully allocated and it stays the same size. If it does grow, either you have some config error or old buggy version. If you download something over MAXSCANSIZE, then the file will grow as you download it. What scanner are you using? It might decide it's not a virus and finish scanning immediately. Cheers, Henrik

HTTP Anti-Virus Proxy http://havp.hege.li/forum/

big files http://havp.hege.li/forum/viewtopic.php?f=3&t=119	Page 1 of 1

Author:	m33 [ 08 Jun 2006 10:15 ]
Post subject:
hege wrote: How do you mean it starts to grow? If you download smaller files than MAXSCANSIZE, it will be fully allocated and it stays the same size. If it does grow, either you have some config error or old buggy version. I mean, a temp file with final size is allocated, then it's filled with downloaded data. Quote: If you download something over MAXSCANSIZE, then the file will grow as you download it. What scanner are you using? It might decide it's not a virus and finish scanning immediately. clamd and f-prot (with -dumb) with same results. Is there any chances that .iso files are bypassed with those two av ? Cheers, Henrik[/quote]

Author:	hege [ 08 Jun 2006 19:13 ]
Post subject:
m33 wrote: Is there any chances that .iso files are bypassed with those two av ? It seems neither of them scan into .iso, so that explains it.. Cheers, Henrik

Page 1 of 1	All times are UTC + 2 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/