Replacing --fdpass with --stream prevents the (null) issue and reveals that the file exceeds the MaxScanSize limit (and it would also exceed the MaxFileSize limit):
However, It is interesting to observe that clamdscan --multiscan --fdpass does report some other files as exceeding the MaxScanSize limit:
$ clamdscan --multiscan --fdpass --verbose
...
/home/jonas/Downloads/win64Binaries.zip: Heuristics.Limits.Exceeded.MaxScanSize FOUND
...
Also, daemon-less clamscan works without issues, even though the file was previously reported to exceed MaxScanSize, and is over 25 MB (and both limits haven't been changed from their default values):
Describe the bug
clamdscan --multiscan --fdpass
reports some files as detected with(null)
.How to reproduce the problem
This happens with a lot of files, but one example is the Python 3.10.1 installer for 64-bit Windows.
Using the default limits, the file is detected with
(null)
.Replacing
--fdpass
with--stream
prevents the(null)
issue and reveals that the file exceeds theMaxScanSize
limit (and it would also exceed theMaxFileSize
limit):However, It is interesting to observe that
clamdscan --multiscan --fdpass
does report some other files as exceeding theMaxScanSize
limit:Also, daemon-less
clamscan
works without issues, even though the file was previously reported to exceedMaxScanSize
, and is over 25 MB (and both limits haven't been changed from their default values):Attachments