Odhiambo Washington wrote:

Hi,

For some strange reason, I've seen some malware go past my filters
on several occasions.

One such case is today, where a mail containing two attachments, one
a gif and the other a zip archive, skipped clamd completely and was
delivered to my inbox.

However, when I extract the attachment from the file and scan it with
clamd, the worm is detected.

Either this is a failure of the configuration on my MTA, or in the
way clamd analyzes such e-mail. I am running 0.88.7.

Do you have any kind of minimum size limit a message must have before it
is a candidate for scanning? Many sites don't scan very large messages
because they are outside the typical size for spam/viruses. It's a
choice that brings some risk but it does make things more efficient.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html