----- Original Message ----- From: "Matt" <[EMAIL PROTECTED]>
> I believe that Declude creates a directory for all attachments in each > message, and then Declude calls the scanner to scan the entire > directory. I believe that for inline content such as text/plain and > text/html, these files will be saved in those directories according to > the MIME boundaries. For you to properly replicate the circumstances, > it would be a good idea to save an HTML file (example.html) with the > body content of this message in a directory with nothing else in it, and > then call trend to scan the directory and not specifically the file. Matt, that's a good idea. Can you tell me if I have the correct html segments in the test.txt file I sent? If I simply change the extension of this file to .html and place it in a directory by itself and then scan the directory, would that be an adequate test? > One possibility here is that TrendMicro doesn't detect this as a virus > when it is called to scan the directory like Declude does, and the above > should expose whether or not this is the case. Yep, I'll try it and report back the results. > Another alternative is that the message is malformed or Declude has a > parsing issue that is preventing it from being successfully scanned. > That would be difficult to prove unless your Debug log has more > information such as the file names created and the sizes of each file, > and this exposed a flaw. Don't have that kind of detail in the debug logs, that why I offered to send Scott the raw Q&D files for analysis. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
