I read your message and decided it sounded like something interesting to try to block spam, and I'm having the opposite problem.
I did a "sigtool --md5 g1.gif > g1.hdb" and stuck the result in my definitions directory. When I scan the gif directly, it works: # clamscan g1.gif g1.gif: Spam.g1 FOUND To be technical, my mail glue thingy does a "clamscan --detect-broken", so: # clamscan --detect-broken g1.gif g1.gif: Spam.g1 FOUND Looks good. If I forward the spam with the attached image to myself, clamscan picks it up. If I forward the image itself in a different message to myself, clamscan also detects it. However, if I clamscan the original mail file with the spam in it, clamscan doesn't see it. If I take shields down and mail the gif to myself, then clamscan the mail file, it doesn't find it. It looks like the glue (amavis) picks the mail file apart then feeds each individual file to clamscan. (There is probably some double-duty going on with clamscan unzipping things that have already been unzipped and fed to it, but it's a low volume server, so if that's happening, I don't mind.) Anyway, that would explain why the gifs themselves are detected and why they are caught when mailed to the server, but not once they are already there. Have I turned off some option that tells clamscan to look at image files or something? Note that I'm not using clamdscan ever, so (from what I understand) the conf files shouldn't apply here. Is this a compile options I've missed or something? Sorry if this is a stupid question, but it's driving me nuts. (By the way, YES, other viruses are detected when I clamscan the mail files.) Also for reference: ClamAV 0.85.1/945/Sat Jun 18 05:51:33 2005 main.cvd is up to date (version: 32, sigs: 34720, f-level: 5, builder: tkojm) daily.cvd is up to date (version: 945, sigs: 1073, f-level: 5, builder: ccordes) Thanks! Jeffrey Moskot System Administrator [EMAIL PROTECTED] _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
