Chinh Nguyen Tam wrote: > Christoph Cordes wrote: >> Am 02.10.2007 um 05:05 schrieb Chinh Nguyen Tam: >> >>> Dennis Peterson wrote: >>>> Chinh Nguyen Tam wrote: >>>>> Greetings, >>>>> >>>>> We've notice some strange behavior of clamav in our email server >>>>> for. >>>>> When we try to send some email (HTML format, Outlook 2003) with URL >>>>> inside, clamav detects these email as Email.Foolball-2 virus. If >>>>> we send >>>>> the emails with the same URL in Thunderbird HTML format or in >>>>> pure text, >>>>> clamav will let the emails pass by. >>>>> You can see the example of one Outlook HTML attached in this >>>>> messages >>>>> (please unpack with gzip). >>>>> Please advice if anyone met the same problem before and how to >>>>> solve this. >>>>> >>>>> Thank you very much! >>>> If your message contains a url such as http://123.231.255.29/, in >>>> other words a URL >>>> made up from an IP address, and if that URL is preceded by the >>>> word "tracker" then >>>> the message will fail. In fact I had to reword this post to get >>>> past the av filter. >>>> >>>> dp >>> Yes, our emails contain urls with IP. We must change it so something >>> like hxxp://123.123.123.123 to pass the filter. But you know, It's >>> a bit >>> noisy for the users. It'd be ok if there's a tip to disable this >>> kind >>> of check from clamav. >>> >> Could you submit such a mail @ http://cgi.clamav.net/sendvirus.cgi >> >> Thank you. >>
Christoph Cordes, thank you very much for your quick response. After submitting the case and updating our clamav database as you advice all is OK for now. Thank you very much! Best regards, Chinh Nguyen _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
