fix(antivirus | backport): introduce a default max scan size for the full example deployment#620
Conversation
|
@micbar I'm totally undecided about whether we should also set a default in the code... the advantage: even non-Docker example deployments would run out of the box with the default clamav config... on the other hand, we would be able to outsmart installations that deliberately have no limit (0) and a correspondingly configured scanner, skipping files larger than the "new" default... e.g. hellllp :) |
dragotin
left a comment
There was a problem hiding this comment.
👍
Keep changes small for stable branch, ie. doc changes here are almost too much.
|
|
||
| Scanner Scanner | ||
| MaxScanSize string `yaml:"max-scan-size" env:"ANTIVIRUS_MAX_SCAN_SIZE" desc:"The maximum scan size the virus scanner can handle. Only this many bytes of a file will be scanned. 0 means unlimited and is the default. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB." introductionVersion:"1.0.0"` | ||
| MaxScanSize string `yaml:"max-scan-size" env:"ANTIVIRUS_MAX_SCAN_SIZE" desc:"The maximum scan size the virus scanner can handle. 0 means unlimited. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB." introductionVersion:"1.0.0"` |
There was a problem hiding this comment.
| MaxScanSize string `yaml:"max-scan-size" env:"ANTIVIRUS_MAX_SCAN_SIZE" desc:"The maximum scan size the virus scanner can handle. 0 means unlimited. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB." introductionVersion:"1.0.0"` | |
| MaxScanSize string `yaml:"max-scan-size" env:"ANTIVIRUS_MAX_SCAN_SIZE" desc:"The maximum size the virus scanner is allowed to scan per file. Bigger files are scanned partially. 0 means unlimited. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB." introductionVersion:"1.0.0"` |
There was a problem hiding this comment.
ok, ok, just fix it in main ;-)
|
I tested it on my local setup uploading small image, pdf, txt, move 10mb files works ✅️ But: I cannot download:
all files hang in postprocessing state with log: |
You set the size to 500mb, have you also adjusted the clamav configuration? If not it will fail! The changes in the back port only affect the docker compose setup and does not change any behavior in the binary |
Thanks Flo) I figure out how to run |

Description
The current full example Docker deployment lacks a maximum scan size when the virus scanner is enabled. As a result, all files are scanned regardless of size. However, since Clamav has limits set in the default setup, this combination results in orphaned files that get stuck in post-processing.
The problem has already been fixed in the current main branch. Since an additional scan mode has been integrated here, a full backport is not possible. Therefore, I have only fixed the bare minimum to resolve the bug in these installations.
Related Issue
Motivation and Context
Quite simply, the basic installation from our example deployment should run error-free out of the box
How Has This Been Tested?
Types of changes
Checklist: