Thanks, Fritz. It's good to know this appears to be working anyway. My current AVBytes was already set to 100k (overkill?) before I started troubleshooting this.
I am sending the test Eicars from this page: http://shopping.declude.com/Articles.asp?ID=99 Would any of the options in particular be expected to certainly cause ASSP and ClamAV to stop it as a virus? Here's a sample of the ASSP maillog for one of these test emails: Jan-22-07 13:19:23 63.246.31.247 <[EMAIL PROTECTED]> to: <email protected> recipient accepted: <email protected> Jan-22-07 13:19:24 63.246.31.247 <[EMAIL PROTECTED]> to: <email protected> local or whitelisted - (attachments unchecked) Test_eicar_in_headers_eicarcr_ -> f:\assp/notspam/767.eml Jan-22-07 13:19:24 63.246.31.247 <[EMAIL PROTECTED]> to: <email protected> ClamAV: scanning WL=1:1 NP=:0 LOCAL=1: Jan-22-07 13:19:24 63.246.31.247 <[EMAIL PROTECTED]> to: <email protected> ClamAV: scanning done OK Is it normal that the log will show " whitelisted - (attachments unchecked)" and then go on to scan anyway (as I have turned on "Scan Whitelisted Senders"? HMM, after all the above, I removed " [EMAIL PROTECTED]" from Whitelist (I had placed there to keep from delaying, instead of DO NOT DELAY THESE IPS...) and now it's catching Eicar. Is this the way you expect it to work? Now the part in the log about "whitelisted" goes away. Does the "Scan Whitelisted Senders" not work properly? Maybe I'm just confused! Anyway, I think it's working, but I don't think I'm scanning white-listed users at all, despite the log showing it runs ClamAV. Thanks, Geoff -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fritz Borgstedt Sent: Monday, January 22, 2007 12:42 PM To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy Subject: Re: [Assp-user] CLAMAV catching phishing but nothing else? We do not catch Eicar as text in the body of a mail, we catch however Eicar in a file . If you set AVBytes to 50k you will catch with ASSP all what CLAMD would catch alone. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
