No, clamav does not scan headers. In fact, clamav does not scan emails.
Certainly, if you're using clamav in a email-server environment, you
have some middle-software that integrates your MTA
(sendmail/postfix/exim) with clamav antivirus.
This middle-software will get the email text, save in a file and ask
clamav to scan those files. If headers are saved as well, so clamav will
YES scan headers. If the software saves only body, then clamav will have
no access to the headers.
Basically, as fair as I know, all middle-softwares should pass ALL
the email to the antivirus, which includes the headers. In that case,
you can simply get your signatures to clamav and those will be caught
successfully.
jef moskot escreveu:
I was thinking of doing something hacky by having clam triggered by
specific text in an X-header. I haven't made a signature based on a
simple text string before, but it didn't look very difficult based on the
docs.
Aside from the basic poor design and misuse of tools involved, would there
be any technical issues with this hack? Would it work? Any pitfalls to
look out for?
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
