Raise artificial 4G limit for MaxScanSize

[micahsnyder]

This limit is internally "long long", so >=64-bit even on 32-bit platforms. Also fixes a related issue where limits could have been set to negative values on 64-bit platforms where setting a "long long" (64-bit signed) can overflow if assigned from an "unsigned long" (64-bit unsigned).

Resolves: #809

[micahsnyder]

@ragusaa approved #945 which was the same as this one, except this is rebased to have the latest commits from main.

I want to see this run through Jenkins before I merge it -- as the tests never ran on the previous PR.

[micahsnyder]

Some internal tests that expected specifying LogFileMaxSize to fail when using 1g or 1G now pass with this change (yay!). I'll update the tests and re-run this through Jenkins again.

[micahsnyder]

Thanks so much for the contribution @matthias-fratz-bsz

[McPatate]

Hey there! I'm still getting the following warning from LibClamAV:

LibClamAV Warning: Max file-size was set to 10485760000 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported.

I assumed this wouldn't be the case after this PR, have I misunderstood something? I'm running clamscan with the following args:

clamscan --max-scansize=10000M --max-filesize=10000M ~/Downloads/bf16_zero_pp_rank_0_mp_rank_02_optim_states.pt

I ran it in 1.0.0, 1.0.6 and 1.3.1 and the only difference is that in 1.0.0 I only get the "old" warning which looked like this:

WARNING: Numerical value for option max-scansize too high, resetting to 4G
WARNING: Numerical value for option max-filesize too high, resetting to 4G

which does not appear in 1.0.6 nor 1.3.1.

[micahsnyder]

@McPatate file-size is different from scan-size. file-size is still capped at ~2GB, and is the reason you're seeing that message. This PR only raised the limit for scan-size.

[McPatate]

@micahsnyder, just to clarify, does this mean that the maximum file size ClamAV can scan is 2GB - 1? In other words, ClamAV will only scan larger files if they are archives that, when uncompressed, exceed the 2GB limit and are thus subject to the MaxScanSize constraint. Is my understanding correct?

If so, are there any plans to raise the limit here as well?

[micahsnyder]

@McPatate The maximum size for any file or extracted file is the max-filesize limit, so at most 2GB.

The amount of data scanned while processing a given file is limited by the max scan-size. This includes:

• scannning an archive and then scanning extracted embedded files.
• re-scanning the file as a different type, if needed.
• normalizing the file to improve signature effectiveness and then re-scanning the normalized file.
• etc.

Regarding the 2GB max file-size limit, see #344

[McPatate]

Understood, thank you for taking the time to detail what is going on!