On 2/28/2017 11:35 AM, Carlos Velasco wrote: > > Anyway, the main question remains unanswered... is there any way to force the > scan as mail (overriding the magic for the first recursion)? >
Clam uses the daily.ftm file to decide what type of scanning to use. Generally, clam looks for a Received: line or a few other common mail headers in the first few bytes of the file. Apparently those common headers are too far into your file. You can create a local.ftm with your unusual headers in it to cause these files to be detected as an email. I don't see my notes for the .ftm file syntax at the moment, but I'm sure you can find something on google. Alternately, you can get the sanesecurity.ftm file from sanesecurity.com, which includes a wide variety of mail formats and will likely recognize your file. You don't need to use any the sanesecurity add-on signatures for this, but I recommend them. -- Noel Jones _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml