> There are scripts on line you can download that will split your single file
> into individual files - each a complete message. These you scan one at a time.
> After you've found and dealt with the infected message(s) you reassemble the
> individual files into a single file again.
>
> Start here: http://batleth.sapienti-sat.org/projects/mb2md/

Wow. This seems like such an unnecessary and time-consuming hassle (to me, it seems ClamScan should be able to tell you what message tested positive, as it does detect email files and the individual messages within). I was really hoping when I first got the hit that the "verbose" option would give me some information, but the output was actually no more verbose.

http://www.clamav.org/support/faq/ (the 8th item in Miscellaneous) says:

"When using clamscan, is there a way to know which message within an mbox is infected?
* There are two solutions: Run clamscan --debug, look for Deal with email number xxx ..."

But with over 1600 "Deal with email number xxx" this is impractical unless someone can tell me how ClamScan flags the hits. The string "Email.FreeGame" (the hit) appears in the debug output *after* all the individual messages are scanned, on the line "LibClamAV debug: Email.FreeGame found in descriptor 3."

I don't mean to rant (much). I do realize we are dealing with the current limitations of the scanner and how to work with them. But I really think there should be a push to have the scanner spit out more useful information.

Thanks for the suggestions. I'm going to look at the source code and see if I can get it to keep track of line numbers for text files and also, when --debug is used, to spit out the name (e.g. "Email.FreeGame," etc.) within the confines of the "Deal with email number xxx."
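
The split-and-scan approach from the quoted suggestion, as an added example that is not part of the original message or of ClamAV. It uses Python's standard `mailbox` module rather than the mb2md script, assumes `clamscan` is on the PATH, and the names `clamscan_file`, `find_infected` and `demo` are hypothetical; the sample mbox and the stand-in scanner in `demo` are constructed.

```python
import mailbox
import subprocess
import tempfile
from pathlib import Path

def clamscan_file(path):
    """Return the signature clamscan reports for one file, or None if clean."""
    proc = subprocess.run(["clamscan", "--no-summary", str(path)],
                          capture_output=True, text=True)
    if proc.returncode == 0:          # 0 = no virus found
        return None
    if proc.returncode != 1:          # anything but 1 (virus found) is an error
        raise RuntimeError(proc.stderr.strip() or "clamscan failed")
    for line in proc.stdout.splitlines():
        if line.endswith(" FOUND"):   # "<path>: <Signature> FOUND"
            return line.rsplit(": ", 1)[1][: -len(" FOUND")]
    return "unknown"

def find_infected(mbox_path, scan=clamscan_file):
    """Scan each message on its own; return [(position, subject, signature)]."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            for pos, key in enumerate(box.keys(), start=1):
                one = Path(tmp) / f"msg-{pos:05d}.eml"
                one.write_bytes(box.get_bytes(key))   # one complete message
                signature = scan(one)
                if signature:
                    hits.append((pos, box[key]["Subject"], signature))
    finally:
        box.close()
    return hits

def demo():
    """Constructed three-message mbox and a stand-in scanner (no ClamAV needed)."""
    marker = b"CONSTRUCTED-MARKER"    # harmless stand-in for a signature match
    with tempfile.TemporaryDirectory() as tmp:
        path = str(Path(tmp) / "sample.mbox")
        box = mailbox.mbox(path)
        for subject, body in [("one", "hi"), ("two", marker.decode()), ("three", "bye")]:
            box.add(f"From: a@example.org\nSubject: {subject}\n\n{body}\n")
        box.close()
        fake = lambda p: "Test.Marker" if marker in p.read_bytes() else None
        return find_infected(path, scan=fake)

if __name__ == "__main__":
    print(demo())
```

The position in each result counts messages from 1 in mailbox order, and the subject makes the flagged message easy to find in a mail client. The temporary per-message files are deleted when the scan finishes, so the original mbox is never modified.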