On Tuesday 19 Apr 2005 10:44, Chris Masters wrote:
>
> --- Nigel Horne <[EMAIL PROTECTED]> wrote:
> > On Tuesday 19 Apr 2005 09:23, Chris Masters wrote:
> >
> > > > > 3) Should clam detect the virus when given the entire
> > > > > bounce message?
> > > >
> > > > Yes, if you have a sample which is not found, please
> > > > email it to me.
> > >
> > > We currently don't ask clamav to scan the entire raw
> > > message - just each part separately. The mail was
> > > dropped by the mirapoint server and I'm finding it
> > > difficult to obtain an infected qmail bounce.
> >
> > In that case I can't help, sorry. You'll need to get a mirapoint
> > person to discuss how they handle the mails you mention or
> > use clamAV to scan the mails in their entirety.
> >
> > A lot of work has gone into clamAV handling such bounces, and
> > other software may not handle them as well.
>
> OK - just to clarify - clamAV will only detect these
> if it's asked to scan the entire raw mail? Scanning on
> the text/plain body separately will not pick them up?

It would be best to state that it is more likely to detect them. Using the
word "only" is far too black and white for an imprecise science that malware
writers are trying to get around!

> I'm just trying to identify if this is a problem with
> the way we're scanning or if the mail was not
> infected.

I understand. Is it possible to send me the entire original file for me to
look at? I'll then be in a better position to comment knowledgeably.

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
