Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Why does KlamAV keep marking an archive as infected with “Oversized.Zip” even though other virus scanners haven picked it up?

archive Infected klamav scanners virus
0
Posted

Why does KlamAV keep marking an archive as infected with “Oversized.Zip” even though other virus scanners haven picked it up?

0 CommentsAdd a Comment

1 Answer

0

KlamAV marks a file with this infection, if the ArchiveMaxCompressionRatio limit is exceeded. This ratio can be increased in the Options dialog’s Archive Limits section, found from the Scan tab. An “Oversized.Zip” warning is an indicator that KlamAV has determined the compression ratio of the archive is higher than the pre-configured limit which could therefore be indicative of a potential logic bomb. This warning can also trigger on legitimate archives if the file(s) within them are objects which can be compressed significantly, such as BMP or plain text files.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123