On Thu, Feb 05, 2004 at 12:35:06PM +0100, Tomasz Papszun wrote: > On Thu, 05 Feb 2004 at 12:09:00 +0100, Bruno Treguier wrote: > [...] > > > > Here is my problem: I submitted yesterday a new version of the paypal > > trojan, which has been accepted as "Trojan.Spy.Paypal.A". My submission > > was made via the web service. > > > > The mail was an text/html one, with a quoted-printable encoding. So when > > I run clamscan or clamdscan on a file containing the raw email, the > > detection is correct. > > > > The problem is that I run clamav as a virus scanner via amavis, and > > amavis does all the decoding before calling the scanners. So when clamav > > is called, it does NOT detect the trojan anymore, as it is no longer > > quoted-printable encoded... > > > > Is there a solution to this problem ? > > The solution is probably a correcting the signature by us ;-) .
Thanks for your quick answer. To be really honest, I suspected this, but didn't want to suggest it at first, as I'm not a very experienced user ! > Thank you for pointing this out! You're welcome ! Thanks to _you_, the "dream team", for bringing us this nice tool ! Best regards, Bruno -- -- Service Hydrographique et Oceanographique de la Marine --- EPSHOM/CIS/MIC -- 13, rue du Chatellier --- BP 30316 --- 29603 Brest Cedex, FRANCE -- Phone: +33 2 98 22 17 49 --- Email: [EMAIL PROTECTED] ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
