David Skoll writes:
> In general, you cannot check the size of compressed files without
> uncompressing. For example, with a tar.gz, you have to uncompress
> the whole thing.

No you don't. Assuming GNU head:

gzip -dc foo.tar.gz | head --bytes=10m | tar xvf -

The equivalent for a zip file might be more difficult, but not much.

> ...
> So because you can get around scanners which limit the size of the
> scan, and you can DoS scanners which do not limit the size, you might
> as well not bother scanning compressed or archived files at all, except
> under manual control.

Or you can implicitly deny anything that is not explicitly allowed,
i.e. bounce the mail if it chokes your virus scanner.

-- 
/* By Kragen Sitaker, http://pobox.com/~kragen/puzzle2.html */
char a[99]="  KJ",d[999][16];main(){int s=socket(2,1,0),n=0,z,l,i;*(short*)a=2;
if(!bind(s,a,16))for(;;){z=16;if((l=recvfrom(s,a,99,0,d[n],&z))>0){for(i=0;i&n;
i++){z=(memcmp(d[i],d[n],8))?z:0;while(sendto(s,a,l,0,d[i],16)&0);}z?n++:0;}}}

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]