On Apr 29, 2010, at 4:00 PM, Sharma, Ashish wrote: > > Hi, > > Asking the following question again, as I didn't got any reply yet. > > I have an amavisd(clamav and spamassassin) setup with postfix(referred > deployment notes from: http://wiki.centos.org/HowTos/Amavisd) > > Now whenever I send an eicar string in mail body (via my gmail account) the > mail is quarantined and infection is caught, > > but if the eicar signature is put in a txt file or any other file and mail is > sent , then nothing happens and I could see the attachment as it is in the > mailbox, shouldn't it too be caught as infection and put in quarantine. > > Is there something that I am missing?
What is the setting of bypass_decode_parts in amavis? # set $bypass_decode_parts to true if you only do spam scanning, or if you # have a good virus scanner that can deal with compression and recursively # unpacking archives by itself, and save amavisd the trouble. # Disabling decoding also causes banned_files checking NOT to see MIME types # and content classification types as provided by the file(1) utility. # It is a double-edged sword, make sure you know what you are doing! # #$bypass_decode_parts = 1; # (defaults to false) If you have it to false, then check your antivirus software to be able to decrypt your email and scan it, otherwise set it to true and amavis will unpack and send it through antivirus software, which will detect virus... It shouldn't matter, if you call your virus eicar.com or anything else, in case it contains specific 'EICAR string'... regards, Jernej ------------------------------------------------------------------------------ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
