No go on catching eicar in a ZIP file; sending from Yahoo, Hotmail, and another server.
Grr... I have three separate servers, and all three are missing ZIP files. Clamscan catches everything in ZIP files if I run it from the command line, and it catches everything in emails that is uncompressed... I'm going to blow away one of the servers, reinstall Solaris, and start from the beginning, and try one more time... :) Justin -----Original Message----- From: Jason Englander [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 4:47 PM To: '[EMAIL PROTECTED]' Subject: RE: [Clamav-users] Compressed files not being scanned On Fri, 22 Aug 2003, Matlock , Justin wrote: > I'm seeing the same thing here using MIMEdefang 2.36, and ClamAV 0.60. > Uncompressed files get caught, but ZIP's do not. I've run 'clamscan' > manually on ZIP files, and it works fine. > > So you're not the only one seeing this -- I've reinstalled everything > twice over, making absolutely positively sure I've installed > everything 'to the letter'. [ I missed earlier message(s) in this thread, sorry if I'm off because of it ] Some messages have totally mutilated mangled invalid MIME encoding. When MIME::tools doesn't even recognize it as an attachment, it'll get through. MIME::tools has to be able to extract it into a file before MD can have a virus scanner scan it. I also use MD 2.36, I was running clamav 0.60, now I think I'm running the 0806 snapshot. Zip files do work for me with MD and clamd otherwise. Try zipping up eicar and sending it to yourself, I just did and it caught it. Unfortunately MIME::tools can't be modified to catch the broken ones too, reliably... You may want to check out the MD list archive, there have been several threads about MIME::tools and broken messages in the past. Jason -- Jason Englander <[EMAIL PROTECTED]> 394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
