I've compiled a 64-bit version of ClamAV 0.98.7 on my Solaris 10 SPARC server. I have a selection of files all containing the eicar signature but clamd is only picking up the signature in the files <2GB.
I have the following set in clamd.conf, to remove file size checking:
MaxScanSize 0
MaxFileSize 0
I'm scanning a 2.2GB file (containing the eicar string) with the following command:
Thanks for the suggestion. Unfortunately it still fails to pick up the signature in the larger file.
I'd also tried setting this value to "0" (No limit) but the result was the same
The blob.c file causes lint to fail with an error, so I used a*.c [c-z]*.c to quickly exclude *.c files that start with b.
And there are 398 instances in just libclamav/*.c where a 64-bit value is truncated. There are also a lot of other problems, too.
It's no surprise at all that clamav has problems with files larger than 2 GB.
And that's just from using lint on the C files. I'd bet the results of compiling the C++ portions with Solaris Studio's C++ compiler and the "-m64 -xport64" command-line options are downright scary.
Thanks for the post. Fortunately, it transpires the files were only >2GB when they were uncompressed. We are now scanning the smaller compressed file with CSW's ClamAV package (32-bit) - this works fine.
It was fairly tricky to get this to compile as 64-bit in the first place so I'm not surprised there were issues with the source.