[EMAIL PROTECTED] wrote: > -- Bill Landry said the following on 8/30/07 10:51 PM: >> Not all SaneSecurity signatures need to see the full message. If I >> recall correctly, it's only the mail file type (designated by :4: in the >> signature) that need to see the headers and body together. Anyway, as > > I received a question about this particular ecard business: > > http://secunia.com/virus_information/40057/zhelatin.geneml/ > > Apparently GroupShield is catching this, but ClamAV is not. Do you know > if ClamAV needs to see the entire message in order to catch this one? >
Don't know, but if you have a sample, you can always save it to a file and test it directly with clamscan or clamdscan. If it's detected then, but not when sent as an e-mail, then there's your answer. Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
