Daniel T. Staal wrote:
I've just set up Clamav on my (personal) email server to filter emails for
me. I'm using a procmail setup with clamd, and I'm seeing the same
behavior with the scripts on the Wiki, on Spamassassin's site, and using
Clamassassin.
What I have seen is this: 'phish' emails are getting _reported_ as viri,
but emails with actual viri attached (or the test file) are getting
_cleaned_ and _not_ reported.
I'm not particularly interested in virus removal: any attachments will be
scanned on my desktop computer before I open them, and I might want to
take a look at a virus someone's emailed me with a decompiler. The
purpose of running Clamav on my mail server is curiosity: I want to know
how many viri I am receiving.
What I'd like to see is the 'phish' behavior for the attached viri.
(Well, I'd also rather it didn't actually catch 'phish', but I see that's
an option scheduled for 0.90.) Is there a way to configure clamd to _not_
clean emails?
It only seems to do this with emails fed in from standard input too: I've
run it manually using the same options on one of my sent test messages
(pulled directly from the Maildir folder) and it just reports then.
Daniel T. Staal
Clamav does not clean emails, it only detects viruses and reports back
whether it is infected or not. It is up to the program (qmail-scanner,
simscan, etc) feeding the message to Clam as to quarantine it or not.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
