Chinh Nguyen Tam wrote: > Greetings, > > We've notice some strange behavior of clamav in our email server for. > When we try to send some email (HTML format, Outlook 2003) with URL > inside, clamav detects these email as Email.Foolball-2 virus. If we send > the emails with the same URL in Thunderbird HTML format or in pure text, > clamav will let the emails pass by. > You can see the example of one Outlook HTML attached in this messages > (please unpack with gzip). > Please advice if anyone met the same problem before and how to solve this. > > Thank you very much!
If your message contains a url such as http://123.231.255.29/, in other words a URL made up from an IP address, and if that URL is preceded by the word "tracker" then the message will fail. In fact I had to reword this post to get past the av filter. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
