On 4/22/2010 4:10 PM, Michael Scheidell wrote:
> On 4/22/10 5:03 PM, Noel Jones wrote:
>> With clamav (and likely other virus scanners), it's necessary
>> for the scanner to see the whole message for some signatures
>> to match. Normally one would just set $bypass_decode_parts =
>> 1 for this.
>>
> actually, there is a way to do this.
>
> I use this, don't remember what else I did, but all the 'sanesecurity'
> tests pass. and banned attachment blocking, bouncekiller, all work.
>
>
> $bypass_decode_parts = 0;
> and change av scanners to this: (gets the whole email)
> @av_scanners = (
> ['ClamAV-clamd',
> \&ask_daemon, ["CONTSCAN {}/../email.txt\n", "/var/run/clamav/clamd"],
> qr/\bOK$/, qr/\bFOUND$/,
> qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
> );
>
Thanks, cool trick. I didn't think of doing it that way.
I still wonder if config switch might be useful, or maybe this
could be documented somewhere for the next guy.
-- Noel Jones
------------------------------------------------------------------------------
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
