diff --git a/ChangeLog b/ChangeLog index fbd5012ee..6e751ec10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Fri Feb 15 13:02:09 CET 2008 (acab) +----------------------------------- + * docs: describe new limit options and defaults + Thu Feb 14 22:45:03 EET 2008 (edwin) ------------------------------------ * libclamav/phischeck.c: change order of checks whitelist/isURL diff --git a/docs/man/clamd.conf.5.in b/docs/man/clamd.conf.5.in index fe3a55c8e..a45c158ea 100644 --- a/docs/man/clamd.conf.5.in +++ b/docs/man/clamd.conf.5.in @@ -240,10 +240,8 @@ If an email contains URLs ClamAV can download and scan them. \fBWARNING: This op .br Default: no .TP -\fBMailMaxRecursion NUMBER\fR -Recursion level limit for the mail scanner. -.br -Default: 64 +\fBMailMaxRecursion NUMBER (OBSOLETE)\fR +\fBWARNING:\fR This option is no longer accepted. See \fBMaxRecursion\fR. .TP \fBPhishingSignatures BOOL\fR With this option enabled ClamAV will try to detect phishing attempts by using signatures. 
@@ -270,25 +268,20 @@ Enable archive scanning. .br Default: yes .TP -\fBArchiveMaxFileSize SIZE\fR -Files in archives larger than this limit won't be scanned. Value of 0 disables the limit. -.br -Default: 10M +\fBArchiveMaxFileSize (OBSOLETE)\fR +\fBWARNING:\fR This option is no longer accepted. See \fBMaxFileSize\fR and \fBMaxScanSize\fR. .TP -\fBArchiveMaxRecursion NUMBER\fR -Limit archive recursion level. Value of 0 disables the limit. -.br -Default: 8 +\fBArchiveMaxRecursion (OBSOLETE)\fR +\fBWARNING:\fR This option is no longer accepted. See \fBMaxRecursion\fR. .TP -\fBArchiveMaxFiles NUMBER\fR -Number of files to be scanned within an archive. Value of 0 disables the limit. -.br -Default: 1000 +\fBArchiveMaxFiles (OBSOLETE)\fR +\fBWARNING:\fR This option is no longer accepted. See \fBMaxFiles\fR. .TP -\fBArchiveMaxCompressionRatio NUMBER\fR -Analyze compression ratio of every file in an archive and mark potential archive bombs as viruses (0 disables the limit). -.br -Default: 250 +\fBArchiveMaxCompressionRatio (OBSOLETE)\fR +\fBWARNING:\fR This option is no longer accepted. +.TP +\fBArchiveBlockMax (OBSOLETE)\fR +\fBWARNING:\fR This option is no longer accepted. .TP \fBArchiveLimitMemoryUsage BOOL\fR Use slower decompression algorithm which uses less memory. This option only affects the bzip2 decompressor. 
@@ -300,10 +293,25 @@ Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). .br Default: no .TP -\fBArchiveBlockMax BOOL\fR -Mark archives as viruses (e.g RAR.ExceededFileSize, Zip.ExceededFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is reached. +\fBMaxScanSize SIZE\fR +Sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value. \fBWarning: disabling this limit or setting it too high may result in severe damage to the system.\fR .br -Default: no +Default: 100M +.TP +\fBMaxFileSize SIZE\fR +Files larger than this limit won't be scanned. Affects the input file itself as well as files contained inside it (when the input file is an archive, a document or some other kind of container). \fBWarning: disabling this limit or setting it too high may result in severe damage to the system.\fR +.br +Default: 25M +.TP +\fBMaxRecursion NUMBER\fR +Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. \fBWarning: disabling this limit or setting it too high may result in severe damage to the system.\fR +.br +Default: 16 +.TP +\fBMaxFiles NUMBER\fR +Number of files to be scanned within an archive, a document, or any other kind of container. \fBWarning: disabling this limit or setting it too high may result in severe damage to the system.\fR +.br +Default: 10000 .TP \fBClamukoScanOnAccess BOOL\fR Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. diff --git a/docs/man/clamscan.1.in b/docs/man/clamscan.1.in index afe7e3d3a..5d4012b59 100644 --- a/docs/man/clamscan.1.in +++ b/docs/man/clamscan.1.in 
@@ -117,26 +117,20 @@ Mark broken executables as viruses (Broken.Executable). \fB\-\-block\-encrypted\fR Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). .TP -\fB\-\-block\-max\fR -Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) if max\-files, max\-space, or max\-recursion is reached. -.TP \fB\-\-mail\-follow\-urls\fR If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR .TP \fB\-\-max\-files=#n\fR -Extract first #n files from each archive. This option protects your system against DoS attacks (default: 500) +Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option protects your system against DoS attacks (default: 10000) .TP -\fB\-\-max\-space=#n\fR -Extract first #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 10 MB) +\fB\-\-max\-filesize=#n\fR +Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB) .TP -\fB\-\-max\-recursion=#n\fR -Set archive recursion level limit. This option protects your system against DoS attacks (default: 8). +\fB\-\-max\-scansize=#n\fR +Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB) .TP -\fB\-\-max\-ratio=#n\fR -Set maximum archive compression ratio limit. This option protects your system against DoS attacks (default: 250). -.TP -\fB\-\-max\-mail\-recursion=#n\fR -Recursion level limit for the internal mail scanner. +\fB\-\-max\-recursion=#n\fR +Set archive recursion level limit. 
This option protects your system against DoS attacks (default: 16). .TP \fB\-\-max\-dir\-recursion=#n\fR Maximum depth directories are scanned at (default: 15). diff --git a/etc/clamd.conf b/etc/clamd.conf index d4afeb79b..d9efb9300 100644 --- a/etc/clamd.conf +++ b/etc/clamd.conf @@ -263,6 +263,20 @@ LocalSocket /tmp/clamd.socket # Default: yes #ScanArchive yes +# Use slower but memory efficient decompression algorithm. +# only affects the bzip2 decompressor. +# Default: no +#ArchiveLimitMemoryUsage yes + +# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). +# Default: no +#ArchiveBlockEncrypted no + + +## +## Limits +## + # The options below protect your system against Denial of Service attacks # using archive bombs. @@ -275,7 +289,9 @@ LocalSocket /tmp/clamd.socket # Default: 100M #MaxScanSize 150M -# Files larger than this limit won't be scanned. +# Files larger than this limit won't be scanned. Affects the input file itself +# as well as files contained inside it (when the input file is an archive, a +# document or some other kind of container). # Value of 0 disables the limit. # Note: disabling this limit or setting it too high may result in severe damage # to the system. @@ -291,22 +307,14 @@ LocalSocket /tmp/clamd.socket # Default: 16 #MaxRecursion 10 -# Number of files to be scanned within an archive, a document, ecc. +# Number of files to be scanned within an archive, a document, or any other +# container file. # Value of 0 disables the limit. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 10000 #MaxFiles 15000 -# Use slower but memory efficient decompression algorithm. -# only affects the bzip2 decompressor. -# Default: no -#ArchiveLimitMemoryUsage yes - -# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). -# Default: no -#ArchiveBlockEncrypted no - ## ## Clamuko settings
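Review bot: The new `## Limits` header in etc/clamd.conf (hunk at -263) is followed by the unchanged intro line about "archive bombs", and nothing under it tells an operator carrying over an older file that the previous Archive* limit options are gone. The clamd.conf.5 hunks of this same commit mark ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles, ArchiveMaxCompressionRatio and ArchiveBlockMax as no longer accepted, so a migrated config may not express the limits its owner believes are in force; how clamd reacts to such a line is not visible in this diff. I would add under the header `# Note: the ArchiveMax* options and ArchiveBlockMax are no longer accepted; use MaxScanSize, MaxFileSize, MaxRecursion and MaxFiles instead.` and reword the intro to `# The options below protect your system against Denial of Service attacks using archive bombs and other oversized or deeply nested containers.`, since the later hunks in this file say the limits also apply to documents and other containers.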
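Review bot: The expanded MaxFileSize comment (hunk at -275) says files over the limit "won't be scanned" but not what result is reported for them, and with ArchiveBlockMax documented as obsolete in this commit no visible option flags over-limit content any more. If such files are reported as clean (the diff does not say), an oversized file passes uninspected, which an operator needs to know before choosing a value; the MaxFiles comment in the -291 hunk has the same gap. The wording also disagrees with the `--max-filesize` text this commit adds to clamscan.1 ("Extract and scan at most #n kilobytes from each archive"), which reads as truncation rather than skipping. I would add `# Note: files over this limit are not scanned; see clamd.conf(5) for how they are reported.` here and align the clamscan.1 sentence with whichever behaviour is correct.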