On Sat, 18 Jun 2005, Nicki de Wet wrote:
We're running Postfix+Amavisd-new +Clamav+Spamassassin for email content
filtering. I created my own signatures for two frequent gif images that
contain spam.
My custom signatures:
Spam.OEMGif.A
(Clam)=33627a3744345a4e526e3652614a7a6f69717151786c7075544e667350462b357a666549752f5039594d4b695559456a76704971
307536554753356669644c426d6f6f36
Spam.ViagraGif.A
(Clam)=443361435949776c755a696874713354694c71516172587966644575444f4f4f436f776c64417a694957417a494a564a6e384
c6f48416f6c7943707279616871
Your signatures appear to match against base64 encoded data, not against
raw binary data. When you clamdscan against img, I'm guessing img isn't
really a .gif? That's why your scan "works".
You need to create a signature for the binary data. Assuming the images
aren't changing, you should probably create md5 signatures (see docs) as
that will be much easier for you.
By the way, if you have procmail, you could filter off the base64
encoding there (since procmail doesn't decode it first).
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
