I tried the 'virus' perl script posted on
http://www.quantenblog.net/security/virus-scanner-bypass
and the problem is somewhat fixed in (at least) 0.90.2: when the virus
is nested under the maximum recursion level (default to 65) the virus
is detected. When is nested over this limit, it depends on the
--block-max option.
When using clamscan without --block-max option it shows this warning:
LibClamAV Warning: parseEmailBody: hit maximum recursion level (65)
message: Recursion limit exceeded
but does not tag it as a virus.
When using --block-max option:
LibClamAV Warning: parseEmailBody: hit maximum recursion level (65)
message: MIME.RecursionLimit FOUND
tag it as a virus.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]