[Avcheck] big archives

Max Kalika max@lsit.ucsb.edu
Mon, 17 Jun 2002 11:32:01 -0700


Quoting Michael Tokarev <mjt@tls.msk.ru>:

> [Please excuse me for long delay]

no problem, we're all busy. :-)

> I think the best method for now is to ignore error return from
> sophie/sophos -- until their software will be fixed.  That is, just treat
> -1 return just like there is no viruses.

Is there a way to tell avcheck to ignore -1?  But more generally, this may
not be a good idea since someone can just stuff gigabytes of zeros into an
archive with the virus as the second file.  Sophie would return -1, and the
message would go through.

> It's not "sophie support" in avcheck that is "weak", but sophos antivirus
> is unable to handle mime/email format properly.

Actually, I put sophie/sophos through some tests and it has been pretty
solid.
 
> BTW, try out drweb - it has good protection against such bad input.

We already paid for a 1000 user license of sophos. I'd hate to waste that.
And their support said they're working on these issues, so it should be
better soon-ish (hopefully).

---max kalika
--max@lsit.ucsb.edu
-lsit systems administrator