I'm currently using a filter that scans incoming mail during the SMTP session (runs right after <CRLF>.<CRLF>, and returns a 5xx if a virus was found).

The problem is, clamscan seems to miss a few of the tests sent from http://www.webmail.us/testvirus when done this way... most notably, test #16 (EICAR virus hidden using the "CR Vulnerability"). However, if I manually run clamscan on the message delivered to the mailbox, it then finds Eicar.

I'm using Xmail for the MTA. Xmail does add some of its own temporary data to the beginning of the temp file that is scanned by clamscan, but even when that data is removed leaving only the raw header and body received from the sender, clamscan still misses.

Any ideas?

Thanks,
--John


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
