Jakob, > we have been running amavisd for quite some time, never really changing > the setup but just upgrading amavisd and here and there adjusting small > bits. > Since one of the last upgrades (not sure which it was exactly) amavisd > finds a lot more viruses than before. We have a no-EXE policy in place, > disallowing EXEs even in zips, only in an encrypted ZIP it would be OK. > With this policy, we had virtually no virus detections because amost > nothing was allowed anyway. Now we still have this policy - I verified > that I cannot send an EXE, not even in a zip file - but still we get > hundreds of virus notifications per day for files with "exe in zip". Has > the order of checking changed generally, or might it depend on using > "new style" banned file types lookup versus "old style"? - That's one of > the things I changed some time ago... current amavis version is 2.6.1.
The order of checking hasn't changed. The implementation has changed with the invention of contents categories in 2.4.0 so some details are slightly different, but the hierarchy is still the same: VIRUS > BANNED > UNCHECKED > SPAM > SPAMMY > BADH > OVERSIZED > MTA > CLEAN So if a virus is recognized, the report and handling is for a virus, even if the message also contains banned parts or spam or bah headers. Mark ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
