I tried the 'virus' perl script posted on
http://www.quantenblog.net/security/virus-scanner-bypass
and the problem is somewhat fixed in (at least) 0.90.2: when the virus is nested under the maximum recursion level (default to 65) the virus is detected. When is nested over this limit, it depends on the --block-max option.

When using clamscan without --block-max option it shows this warning:

LibClamAV Warning: parseEmailBody: hit maximum recursion level (65)
message: Recursion limit exceeded

but does not tag it as a virus.

When using --block-max option:

LibClamAV Warning: parseEmailBody: hit maximum recursion level (65)
message: MIME.RecursionLimit FOUND

tag it as a virus.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to