Hi Joel, On Wed, 4 Sep 2019, G.W. Haywood wrote:
... some junk mails aren't being detected by clamd, even though there are valid signatures in the database that are supposed to match them.
I guess you have the two files which I attached. You can see below what happens when I scan them using clamdscan. The one which is not detected is as it came in on the wire today, and, when my milter sent it to clamd as it arrived, it wasn't detected then either. The other file is the same thing, but edited by me. You can see what's in them, and if you compare them you will see the one change which I made which allows the detection to succeed. Without knowing more I don't want to say it's a fault in the scanner, but this looks strange to me. 8<---------------------------------------------------------------------- mail6:~$ >>> clamdscan /tmp/t16289.* /tmp/t16289.found_1: Sanesecurity.Phishing.Fake.26520.UNOFFICIAL FOUND /tmp/t16289.not_found_1: OK ----------- SCAN SUMMARY ----------- Infected files: 1 Time: 0.047 sec (0 m 0 s) 8<---------------------------------------------------------------------- I don't understand why one of them triggers a detection and the other one doesn't. If anyone there can tell me I'd be glad to know. To be clear, the change that I made is an example. It seems that there may be many ways of getting the scan to succeed. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
