Quoting Nigel Horne <[EMAIL PROTECTED]>:

On Wednesday 15 Sep 2004 09:12, Tim Ruehsen wrote:
Hi,

I just wonder why 'clamscan --mbox' says OK whenever there is a 'X-Virus-Flag:
Yes' mail header line (a virus is definitely included). If I remove this
header line from the mail, the same command reports the virus correctly.


Wouldn't it be good advice for virus programmers to include 'X-Virus-Flags:
Yes' in their virus mails?

Just for your information: Kmail 1.7 (KDE 3.3) supports clamav. Infected mails
are 'marked' with the mentioned header line and moved to trash.


Can someone explain this behaviour? And is there a possibility to switch this
behaviour off?

Sounds like a red herring, however there may be another issue which you're seeing
which needs investigation?
Operating system?
Version of clamav?
Please send me a sample e-mail that demonstrates this (zipped file encrypted with the
password 'virus').


Regards, Tim

-Nigel


I had an issue similar to this a couple months back. I had an email that started with a particular header (I don't have the message anymore) and because of the existence of that header, clamscan --mbox would not detect the virus. If I removed the line (which was the first line of the headers) then clamscan --mbox would detect the virus. I posted on this list and the only person who seemed remotely interested was nice enough to create a custom signature for this one particular message.

Sorry, I cannot offer any more information as it was too long ago and I no
longer have the message nor the signature.

-Jim


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users