Hi, Is there any way to force clamscan to treat the file passed as a mail?
Some days ago I stepped into a problem where ClamAV was not detecting a virus attached in an email. I narrowed the problem to Clam not detecting the file passed as a mail. I think this is because mail file has too many headers. Not detected as mail: http://pastebin.com/LCipWJaQ === ... LibClamAV debug: No bytecodes loaded, not running builtin test LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: cli_magic_scandesc: returning 0 at line 2559 test.eml: OK LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Freeing phishcheck struct LibClamAV debug: Phishcheck cleaned up ... === Detected as mail (same mail, just removing "x-microsoft-exchange-diagnostics" header): http://pastebin.com/ZvmST7Xh === ... LibClamAV debug: No bytecodes loaded, not running builtin test LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: Matched signature for file type Mail file LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: Starting cli_scanmail(), recursion = 1 LibClamAV debug: in mbox() LibClamAV debug: parseEmailFile ... === Regards, Carlos Velasco _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
