Christoph Cordes wrote: > Am 02.10.2007 um 05:05 schrieb Chinh Nguyen Tam: > >> Dennis Peterson wrote: >>> Chinh Nguyen Tam wrote: >>>> Greetings, >>>> >>>> We've notice some strange behavior of clamav in our email server >>>> for. >>>> When we try to send some email (HTML format, Outlook 2003) with URL >>>> inside, clamav detects these email as Email.Foolball-2 virus. If >>>> we send >>>> the emails with the same URL in Thunderbird HTML format or in >>>> pure text, >>>> clamav will let the emails pass by. >>>> You can see the example of one Outlook HTML attached in this >>>> messages >>>> (please unpack with gzip). >>>> Please advice if anyone met the same problem before and how to >>>> solve this. >>>> >>>> Thank you very much! >>> If your message contains a url such as http://123.231.255.29/, in >>> other words a URL >>> made up from an IP address, and if that URL is preceded by the >>> word "tracker" then >>> the message will fail. In fact I had to reword this post to get >>> past the av filter. >>> >>> dp >> Yes, our emails contain urls with IP. We must change it so something >> like hxxp://123.123.123.123 to pass the filter. But you know, It's >> a bit >> noisy for the users. It'd be ok if there's a tip to disable this >> kind >> of check from clamav. >> > > Could you submit such a mail @ http://cgi.clamav.net/sendvirus.cgi > > Thank you. >
Thank you for your tip. I've just submitted the email to clamav. Regards, Chinh Nguyen _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
