Hi All,
We've had some problems with ligitimate bounces coming
from qmail that contain one text/plain mime part. This
single mime part contains some error information and
then the original raw infected mail in MIME format.
We scan emails on a part by part basis, so clam was
given the text/plain body to scan rather than the full
raw bounce mail in it's entirety. Clam (and 2 other
virus scanners) failed to find the virus within the
bounce body.
I understand that the virus is pretty harmless in this
state but we would still like to block these
virus-bounce messages.
So, some questions:
1) How dangerous are these virus-bounces?
2) Should clam detect the virus when given the
text/plain main body of the bounce message?
3) Should clam detect the virus when given the entire
bounce message?
4) What other mechanisms can we use to drop these
virus-bounces?
Thanks for any help on this,
Chris
__________________________________
Do you Yahoo!?
Make Yahoo! your home page
http://www.yahoo.com/r/hs
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
