[Avcheck] big archives
Max Kalika
max@lsit.ucsb.edu
Mon, 17 Jun 2002 11:32:01 -0700
Quoting Michael Tokarev <mjt@tls.msk.ru>:
> [Please excuse me for long delay]
no problem, we're all busy. :-)
> I think the best method for now is to ignore error return from
> sophie/sophos -- until their software will be fixed. That is, just treat
> -1 return just like there is no viruses.
Is there a way to tell avcheck to ignore -1? But more generally, this may
not be a good idea since someone can just stuff gigabytes of zeros into an
archive with the virus as the second file. Sophie would return -1, and the
message would go through.
> It's not "sophie support" in avcheck that is "weak", but sophos antivirus
> is unable to handle mime/email format properly.
Actually, I put sophie/sophos through some tests and it has been pretty
solid.
> BTW, try out drweb - it has good protection against such bad input.
We already paid for a 1000 user license of sophos. I'd hate to waste that.
And their support said they're working on these issues, so it should be
better soon-ish (hopefully).
---max kalika
--max@lsit.ucsb.edu
-lsit systems administrator