Configure the ClamAV antivirus service scan limits.
sentinel --task=antivirus:scanninglimits
Option |
Value | Default | Description |
---|---|---|---|
--MaxScanTime |
<digit> | 120000 | The maximum amount of time to a scan may take (in milliseconds). This field currently only affects the scan time of ZIP archives. Value of 0 disables the limit. Note: disabling this limit or setting it too high may result allow scanning certain files to lock up the scanning process/threads resulting in a Denial of Service. |
--MaxScanSize |
<string> | 400M | Set the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value. A value of 0 disables the limit. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxFileSize |
<string> | 100M | Files larger than this limit will not be scanned. A value of 0 disables the limit. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxRecursion |
<digit> | 17 | Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxFiles |
<digit> | 10000 | The number of files to be scanned within an archive, a document, or any other container file. A value of 0 disables the limit. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxEmbeddedPE |
<string> | 40M | The maximum size of a file to check for embedded PE. Files larger than this value will skip the additional analysis step. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxHTMLNormalize |
<string> | 40M | The maximum size of a HTML file to normalize. HTML files larger than this value will not be normalized or scanned. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxHTMLNoTags |
<string> | 8M | The maximum size of a normalized HTML file to scan. HTML files larger than this value after normalization will not be scanned. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxScriptNormalize |
<string> | 20M | The maximum size of a script file to normalize. Script content larger than this value will not be normalized or scanned. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxZipTypeRcg |
<string> | 1M | The maximum size of a ZIP file to reanalyze type recognition. ZIP files larger than this value will skip the step to potentially reanalyze as PE. Note: disabling this limit or setting it too high may result in severe damage to the system. |
--MaxPartitions |
<digit> | 50 | The maximum number of partitions of a raw disk image to be scanned.Raw disk images with more partitions than this value will have up to the value number partitions scanned. Negative values are not allowed. Note: setting this limit too high may result in severe damage or impact performance. |
--MaxIconsPE |
<digit> | 100 | The maximum number of icons within a PE to be scanned. PE files with more icons than this value will have up to the value number icons scanned. Negative values are not allowed. WARNING: setting this limit too high may result in severe damage or impact performance. |
--MaxRecHWP3 |
<digit> | 16 | The maximum recursive calls for HWP3 parsing during scanning. HWP3 files using more than this limit will be terminated and alert the user. Scans will be unable to scan any HWP3 attachments if the recursive limit is reached. Negative values are not allowed. WARNING: setting this limit too high may result in severe damage or impact performance. |
--PCREMatchLimit |
<digit> | 100000 | The maximum calls to the PCRE match function during an instance of regex matching. Instances using more than this limit will be terminated and alert the user but the scan will continue. Negative values are not allowed. WARNING: setting this limit too high may severely impact performance. |
--PCRERecMatchLimit |
<digit> | 2000 | The maximum recursive calls to the PCRE match function during an instance of regex matching. Instances using more than this limit will be terminated and alert the user but the scan will continue. Negative values are not allowed and values > PCREMatchLimit are superfluous. WARNING: setting this limit too high may severely impact performance. |
--PCREMaxFileSize |
<string> | 100M | The maximum filesize for which PCRE subsigs will be executed. Files exceeding this limit will not have PCRE subsigs executed unless a subsig is encompassed to a smaller buffer. Negative values are not allowed. Setting this value to zero disables the limit. WARNING: setting this limit too high or disabling it may severely impact performance. |
--default |
<yes> | Reset all settings to their default values. | |
--default_option |
<option> | Reset a specific setting to its default value. | |
--restart |
<yes> | Restart the service after saving settings. |
// set the MaxScanTime
sentinel --task=antivirus:scanninglimits --MaxScanTime=240000 --restart=yes
// reset the MaxScanTime back to its default value
sentinel --task=antivirus:scanninglimits --default_option=MaxScanTime --restart=yes
// reset all settings to their default values
sentinel --task=antivirus:scanninglimits --default=yes --restart=yes