From d1656ee241cf4ca492958deaff96c90f8b2a8ffe Mon Sep 17 00:00:00 2001
From: Micah Snyder
Date: Thu, 3 Mar 2022 14:21:25 -0800
Subject: [PATCH] Increase default file maximums

MaxFileSize 25M -> 100M
MaxScanSize 100M -> 400M
StreamMaxLength 25M -> 100M
MaxEmbeddedPE 10M -> 40M
MaxHTMLNormalize 10M -> 40M
MaxHTMLNoTags 2M -> 8M
MaxScriptNormalize 5M -> 20M
PCREMaxFileSIze 25M -> 100M
---
 common/optparser.c | 16 +++++++-------
 docs/man/clamd.conf.5.in | 16 +++++++-------
 etc/clamd.conf.sample | 32 +++++++++++++--------------
 libclamav/default.h | 16 +++++++-------
 win32/conf_examples/clamd.conf.sample | 32 +++++++++++++--------------
 5 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/common/optparser.c b/common/optparser.c
index 37b840c4f..4ff18c896 100644
--- a/common/optparser.c
+++ b/common/optparser.c
@@ -296,7 +296,7 @@ const struct clam_option __clam_options[] = {
 {"MaxConnectionQueueLength", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 200, NULL, 0, OPT_CLAMD, "Maximum length the queue of pending connections may grow to.", "30"},
- {"StreamMaxLength", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXFILESIZE, NULL, 0, OPT_CLAMD, "Close the STREAM session when the data size limit is exceeded.\nThe value should match your MTA's limit for the maximum attachment size.", "25M"},
+ {"StreamMaxLength", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXFILESIZE, NULL, 0, OPT_CLAMD, "Close the STREAM session when the data size limit is exceeded.\nThe value should match your MTA's limit for the maximum attachment size.", "100M"},
 {"StreamMinPort", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 1024, NULL, 0, OPT_CLAMD, "The STREAM command uses an FTP-like protocol.\nThis option sets the lower boundary for the port range.", "1024"},
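Review bot: The new `"100M"` display string on the StreamMaxLength entry is hand-written while the option's real default is the `CLI_DEFAULT_MAXFILESIZE` macro in the same initializer, so the two stay in step only by convention and this commit had to update both by hand. A one-line comment on the entry, `/* numeric default is CLI_DEFAULT_MAXFILESIZE; keep the display string in step when it changes */`, would make that coupling visible to whoever bumps the macro next. Because this default also bounds how much INSTREAM data a client may push per session on a TCP-exposed clamd, and the description already tells operators to match their MTA's attachment limit, consider appending `\nThe default follows MaxFileSize.` to the description so the link is visible in the generated clamd.conf documentation rather than only in this source file. The enclosing `__clam_options[]` array starts before and ends after this hunk.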
@@ -435,22 +435,22 @@ const struct clam_option __clam_options[] = {
 {"MaxScanTime", "max-scantime", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum amount of time a scan may take to complete.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result allow scanning\nof certain files to lock up the scanning process/threads resulting in a Denial of Service.\nThe value is in milliseconds.", "120000"},
- {"MaxScanSize", "max-scansize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXSCANSIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum amount of data to be scanned for each input file.\nArchives and other containers are recursively extracted and scanned up to this\nvalue.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage.", "100M"},
+ {"MaxScanSize", "max-scansize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXSCANSIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum amount of data to be scanned for each input file.\nArchives and other containers are recursively extracted and scanned up to this\nvalue.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage.", "400M"},
- {"MaxFileSize", "max-filesize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXFILESIZE, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN, "Files/messages larger than this limit won't be scanned. Affects the input\nfile itself as well as files contained inside it (when the input file is\nan archive, a document or some other kind of container).\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage to the system.", "25M"},
+ {"MaxFileSize", "max-filesize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXFILESIZE, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN, "Files/messages larger than this limit won't be scanned. Affects the input\nfile itself as well as files contained inside it (when the input file is\nan archive, a document or some other kind of container).\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage to the system.", "100M"},
 {"MaxRecursion", "max-recursion", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXRECLEVEL, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR\nfile, all files within it will also be scanned. This option specifies how\ndeeply the process should be continued.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage to the system.", "17"},
 {"MaxFiles", "max-files", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXFILES, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Number of files to be scanned within an archive, a document, or any other\ncontainer file.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage to the system.", "10000"},
 /* Engine maximums */
- {"MaxEmbeddedPE", "max-embeddedpe", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXEMBEDDEDPE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a file to check for embedded PE.\nFiles larger than this value will skip the additional analysis step.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "10M"},
+ {"MaxEmbeddedPE", "max-embeddedpe", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXEMBEDDEDPE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a file to check for embedded PE.\nFiles larger than this value will skip the additional analysis step.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "40M"},
- {"MaxHTMLNormalize", "max-htmlnormalize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXHTMLNORMALIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a HTML file to normalize.\nHTML files larger than this value will not be normalized or scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "10M"},
+ {"MaxHTMLNormalize", "max-htmlnormalize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXHTMLNORMALIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a HTML file to normalize.\nHTML files larger than this value will not be normalized or scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "40M"},
- {"MaxHTMLNoTags", "max-htmlnotags", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXHTMLNOTAGS, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a normalized HTML file to scan.\nHTML files larger than this value after normalization will not be scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "2M"},
+ {"MaxHTMLNoTags", "max-htmlnotags", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXHTMLNOTAGS, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a normalized HTML file to scan.\nHTML files larger than this value after normalization will not be scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "8M"},
- {"MaxScriptNormalize", "max-scriptnormalize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXSCRIPTNORMALIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a script file to normalize.\nScript content larger than this value will not be normalized or scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "5M"},
+ {"MaxScriptNormalize", "max-scriptnormalize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXSCRIPTNORMALIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a script file to normalize.\nScript content larger than this value will not be normalized or scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "20M"},
 {"MaxZipTypeRcg", "max-ziptypercg", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXZIPTYPERCG, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum size of a ZIP file to reanalyze type recognition.\nZIP files larger than this value will skip the step to potentially reanalyze as PE.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "1M"},
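Review bot: MaxScanSize and MaxFileSize are quadrupled here while the MaxScanTime entry at the top of the hunk keeps its 120000 ms default, so on slower hosts a large input that previously stopped at the size limit can now run into the time limit instead; whether a timed-out scan is surfaced as an alert is not visible in this hunk, so the operator-facing interplay should be stated. A short addition to the MaxScanSize description, `\nLarger values increase the work done per scan; see also MaxScanTime.`, would make that visible in clamd.conf documentation. The `"400M"`/`"100M"` display strings are maintained by hand beside `CLI_DEFAULT_MAXSCANSIZE`/`CLI_DEFAULT_MAXFILESIZE`; a comment on the block noting that the string must match the macro would reduce the drift this commit is correcting. The enclosing `__clam_options[]` array starts before and ends after this hunk.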
@@ -464,7 +464,7 @@ const struct clam_option __clam_options[] = {
 {"PCRERecMatchLimit", "pcre-recmatch-limit", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_PCRE_RECMATCH_LIMIT, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum recursive calls to the PCRE match function during an instance of regex matching.\nInstances using more than this limit will be terminated and alert the user but the scan will continue.\nFor more information on match_limit_recursion, see the PCRE documentation.\nNegative values are not allowed and values > PCREMatchLimit are superfluous.\nWARNING: setting this limit too high may severely impact performance.", "5000"},
- {"PCREMaxFileSize", "pcre-max-filesize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_PCRE_MAX_FILESIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum filesize for which PCRE subsigs will be executed.\nFiles exceeding this limit will not have PCRE subsigs executed unless a subsig is encompassed to a smaller buffer.\nNegative values are not allowed.\nSetting this value to zero disables the limit.\nWARNING: setting this limit too high or disabling it may severely impact performance.", "25M"},
+ {"PCREMaxFileSize", "pcre-max-filesize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_PCRE_MAX_FILESIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum filesize for which PCRE subsigs will be executed.\nFiles exceeding this limit will not have PCRE subsigs executed unless a subsig is encompassed to a smaller buffer.\nNegative values are not allowed.\nSetting this value to zero disables the limit.\nWARNING: setting this limit too high or disabling it may severely impact performance.", "100M"},
 /* OnAccess settings */
 {"OnAccessMountPath", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option specifies a directory or mount point which should be scanned on access. The mount point specified, or the mount point containing the specified directory will be watched, but only notifications will occur. If any directories are specified, this option will preempt the DDD system. It can also be used multiple times.", "/\n/home/user"},
diff --git a/docs/man/clamd.conf.5.in b/docs/man/clamd.conf.5.in
index c5ceb420b..3e6cecf24 100644
--- a/docs/man/clamd.conf.5.in
+++ b/docs/man/clamd.conf.5.in
@@ -144,7 +144,7 @@ Close the STREAM session when the data size limit is exceeded.
 .br
 The value should match your MTA's limit for the maximum attachment size.
 .br
-Default: 25M
+Default: 100M
 .TP
 \fBStreamMinPort NUMBER\fR
 The STREAM command uses an FTP-like protocol.
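Review bot: The new PCREMaxFileSize default of 100M happens to equal the new MaxFileSize default, so with stock settings PCRE subsignatures would be attempted on every file the engine is willing to scan at all, while the description's own last line still warns that setting this limit too high "may severely impact performance" and the PCREMatchLimit/PCRERecMatchLimit values that bound each match are left unchanged. The performance basis for the bump is not visible in this hunk; a one-line comment above the entry, `/* raised with MaxFileSize in 2022; PCRE cost per file is bounded by PCREMatchLimit/PCRERecMatchLimit */`, or an equivalent sentence in the commit message, would record it for the next review of these defaults. As with the other size entries, the `"100M"` display string is hand-maintained next to `CLI_DEFAULT_PCRE_MAX_FILESIZE`. The enclosing `__clam_options[]` array starts before and ends after this hunk.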
@@ -546,12 +546,12 @@ Default: 120000
 \fBMaxScanSize SIZE\fR
 Sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value. The size of an archive plus the sum of the sizes of all files within archive count toward the scan size. For example, a 1M uncompressed archive containing a single 1M inner file counts as 2M toward the max scan size. \fBWarning: disabling this limit or setting it too high may result in severe damage to the system.\fR
 .br
-Default: 100M
+Default: 400M
 .TP
 \fBMaxFileSize SIZE\fR
 Files larger than this limit won't be scanned. Affects the input file itself as well as files contained inside it (when the input file is an archive, a document or some other kind of container). \fBWarning: disabling this limit or setting it too high may result in severe damage to the system. Technical design limitations prevent ClamAV from scanning files greater than 2 GB at this time.\fR
 .br
-Default: 25M
+Default: 100M
 .TP
 \fBMaxRecursion NUMBER\fR
 Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. \fBWarning: setting this limit too high may result in severe damage to the system.\fR
@@ -570,7 +570,7 @@ Files larger than this value will skip the additional analysis step.
 .br
 Negative values are not allowed.
 .br
-Default: 10M
+Default: 40M
 .TP
 \fBMaxHTMLNormalize SIZE\fR
 This option sets the maximum size of a HTML file to normalize.
@@ -579,7 +579,7 @@ HTML files larger than this value will not be normalized or scanned.
 .br
 Negative values are not allowed.
 .br
-Default: 10M
+Default: 40M
 .TP
 \fBMaxHTMLNoTags SIZE\fR
 This option sets the maximum size of a normalized HTML file to scan.
@@ -588,7 +588,7 @@ HTML files larger than this value after normalization will not be scanned.
 .br
 Negative values are not allowed.
 .br
-Default: 2M
+Default: 8M
 .TP
 \fBMaxScriptNormalize SIZE\fR
 This option sets the maximum size of a script file to normalize.
@@ -597,7 +597,7 @@ Script content larger than this value will not be normalized or scanned.
 .br
 Negative values are not allowed.
 .br
-Default: 5M
+Default: 20M
 .TP
 \fBMaxZipTypeRcg SIZE\fR
 This option sets the maximum size of a ZIP file to reanalyze type recognition.
@@ -682,7 +682,7 @@ Setting this value to zero disables the limit.
 .br
 WARNING: setting this limit too high or disabling it may severely impact performance.
 .br
-Default: 25M
+Default: 100M
 .TP
 \fBOnAccessIncludePath STRING\fR
 This option specifies a directory (including all files and directories inside it), which should be scanned on access. This option can be used multiple times.
diff --git a/etc/clamd.conf.sample b/etc/clamd.conf.sample
index 1602888b4..2f1886691 100644
--- a/etc/clamd.conf.sample
+++ b/etc/clamd.conf.sample
@@ -129,8 +129,8 @@ Example
 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
-# Default: 25M
-#StreamMaxLength 10M
+# Default: 100M
+#StreamMaxLength 25M
 # Limit port range.
 # Default: 1024
@@ -524,8 +524,8 @@ Example
 # Value of 0 disables the limit
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 100M
-#MaxScanSize 150M
+# Default: 400M
+#MaxScanSize 1000M
 # Files larger than this limit won't be scanned. Affects the input file itself
 # as well as files contained inside it (when the input file is an archive, a
@@ -535,8 +535,8 @@ Example
 # to the system.
 # Technical design limitations prevent ClamAV from scanning files greater than
 # 2 GB at this time.
-# Default: 25M
-#MaxFileSize 30M
+# Default: 100M
+#MaxFileSize 400M
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
@@ -557,29 +557,29 @@ Example
 # will skip the additional analysis step.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 10M
-#MaxEmbeddedPE 10M
+# Default: 40M
+#MaxEmbeddedPE 100M
 # Maximum size of a HTML file to normalize. HTML files larger than this value
 # will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 10M
-#MaxHTMLNormalize 10M
+# Default: 40M
+#MaxHTMLNormalize 100M
 # Maximum size of a normalized HTML file to scan. HTML files larger than this
 # value after normalization will not be scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 2M
-#MaxHTMLNoTags 2M
+# Default: 8M
+#MaxHTMLNoTags 16M
 # Maximum size of a script file to normalize. Script content larger than this
 # value will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 5M
-#MaxScriptNormalize 5M
+# Default: 20M
+#MaxScriptNormalize 50M
 # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
 # than this value will skip the step to potentially reanalyze as PE.
@@ -644,8 +644,8 @@ Example
 # Setting this value to zero disables the limit.
 # WARNING: setting this limit too high or disabling it may severely impact
 # performance.
-# Default: 25M
-#PCREMaxFileSize 100M
+# Default: 100M
+#PCREMaxFileSize 400M
 # When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
 # MaxRecursion limit will be flagged with the virus name starting with
diff --git a/libclamav/default.h b/libclamav/default.h
index 42a28226e..c698536c1 100644
--- a/libclamav/default.h
+++ b/libclamav/default.h
@@ -34,18 +34,18 @@
 #define CLI_DEFAULT_BM_OFFMODE_FSIZE 262144
 #define CLI_DEFAULT_TIMELIMIT (1000 * 60 * 2) // 2 minutes
-#define CLI_DEFAULT_MAXSCANSIZE (1024 * 1024 * 100) // 100 MB
-#define CLI_DEFAULT_MAXFILESIZE (1024 * 1024 * 25) // 25 MB
+#define CLI_DEFAULT_MAXSCANSIZE (1024 * 1024 * 400) // 400 MB
+#define CLI_DEFAULT_MAXFILESIZE (1024 * 1024 * 100) // 100 MB
 #define CLI_DEFAULT_MAXRECLEVEL 17
 #define CLI_DEFAULT_MAXFILES 10000
 #define CLI_DEFAULT_MIN_CC_COUNT 3
 #define CLI_DEFAULT_MIN_SSN_COUNT 3
-#define CLI_DEFAULT_MAXEMBEDDEDPE 10485760
-#define CLI_DEFAULT_MAXHTMLNORMALIZE 10485760
-#define CLI_DEFAULT_MAXHTMLNOTAGS 2097152
-#define CLI_DEFAULT_MAXSCRIPTNORMALIZE 5242880
-#define CLI_DEFAULT_MAXZIPTYPERCG 1048576
+#define CLI_DEFAULT_MAXEMBEDDEDPE (1024 * 1024 * 40) // 40 MB
+#define CLI_DEFAULT_MAXHTMLNORMALIZE (1024 * 1024 * 40) // 40 MB
+#define CLI_DEFAULT_MAXHTMLNOTAGS (1024 * 1024 * 8) // 8 MB
+#define CLI_DEFAULT_MAXSCRIPTNORMALIZE (1024 * 1024 * 20) // 20 MB
+#define CLI_DEFAULT_MAXZIPTYPERCG (1024 * 1024 * 1) // 1 MB
 #define CLI_DEFAULT_MAXICONSPE 100
 #define CLI_DEFAULT_MAXRECHWP3 16
@@ -54,7 +54,7 @@
 /* TODO - set better defaults */
 #define CLI_DEFAULT_PCRE_MATCH_LIMIT 100000
 #define CLI_DEFAULT_PCRE_RECMATCH_LIMIT 2000
-#define CLI_DEFAULT_PCRE_MAX_FILESIZE 26214400
+#define CLI_DEFAULT_PCRE_MAX_FILESIZE (1024 * 1024 * 100) // 100 MB
 // clang-format on
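Review bot: The new `(1024 * 1024 * 400)` and similar expressions are plain `int` arithmetic; 419,430,400 fits a 32-bit `int`, but the man page text in this same commit says the engine cannot scan files above 2 GB, and a future bump of the multiplier to 2048 or beyond would silently overflow `int` (undefined behaviour in a constant expression, and at best a compiler warning) rather than fail loudly. The type these macros are eventually stored in is not visible here, so at minimum a comment on the group, `// all size defaults must stay well below INT_MAX; the engine does not scan files > 2 GB`, would document the ceiling, and if the build already permits C11 a `_Static_assert` on the largest value would enforce it. The surrounding `#define` block continues outside the hunk.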
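Review bot: The `/* TODO - set better defaults */` line that heads this PCRE block is left in place while `CLI_DEFAULT_PCRE_MAX_FILESIZE` is being raised in this hunk, so it is unclear whether the TODO is now considered resolved for this value or which of the three defaults remain open; it should either be removed or narrowed to name what is still unsettled, e.g. `/* TODO - PCRE_MATCH_LIMIT and PCRE_RECMATCH_LIMIT have not been tuned against real signature sets */`. Separately, the `CLI_DEFAULT_PCRE_RECMATCH_LIMIT 2000` context line here disagrees with the `"5000"` display default on the PCRERecMatchLimit entry in common/optparser.c (visible in that file's `@@ -464` hunk), which is exactly the macro-versus-string drift this commit is correcting for the size limits and would be worth fixing in the same pass.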
diff --git a/win32/conf_examples/clamd.conf.sample b/win32/conf_examples/clamd.conf.sample
index 06d6fbe4b..08fdfd7d6 100644
--- a/win32/conf_examples/clamd.conf.sample
+++ b/win32/conf_examples/clamd.conf.sample
@@ -102,8 +102,8 @@ TCPAddr localhost
 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
-# Default: 25M
-#StreamMaxLength 10M
+# Default: 100M
+#StreamMaxLength 25M
 # Limit port range.
 # Default: 1024
@@ -497,8 +497,8 @@ TCPAddr localhost
 # Value of 0 disables the limit
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 100M
-#MaxScanSize 150M
+# Default: 400M
+#MaxScanSize 1000M
 # Files larger than this limit won't be scanned. Affects the input file itself
 # as well as files contained inside it (when the input file is an archive, a
@@ -508,8 +508,8 @@ TCPAddr localhost
 # to the system.
 # Technical design limitations prevent ClamAV from scanning files greater than
 # 2 GB at this time.
-# Default: 25M
-#MaxFileSize 30M
+# Default: 100M
+#MaxFileSize 400M
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
@@ -530,29 +530,29 @@ TCPAddr localhost
 # will skip the additional analysis step.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 10M
-#MaxEmbeddedPE 10M
+# Default: 40M
+#MaxEmbeddedPE 100M
 # Maximum size of a HTML file to normalize. HTML files larger than this value
 # will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 10M
-#MaxHTMLNormalize 10M
+# Default: 40M
+#MaxHTMLNormalize 100M
 # Maximum size of a normalized HTML file to scan. HTML files larger than this
 # value after normalization will not be scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 2M
-#MaxHTMLNoTags 2M
+# Default: 8M
+#MaxHTMLNoTags 16M
 # Maximum size of a script file to normalize. Script content larger than this
 # value will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
-# Default: 5M
-#MaxScriptNormalize 5M
+# Default: 20M
+#MaxScriptNormalize 50M
 # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
 # than this value will skip the step to potentially reanalyze as PE.
@@ -617,8 +617,8 @@ TCPAddr localhost
 # Setting this value to zero disables the limit.
 # WARNING: setting this limit too high or disabling it may severely impact
 # performance.
-# Default: 25M
-#PCREMaxFileSize 100M
+# Default: 100M
+#PCREMaxFileSize 400M
 # When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
 # MaxRecursion limit will be flagged with the virus name starting with