On Wed, 5 Jan 2005, Daniel Quinlan moaned:
> ClamAV is now marking phishing messages as virus-positive.
>
> I think it's a bit ludicrous to consider phishing messages as viruses
> rather than spam -- they share far more traits with spam than viruses, I
Agreed.

Anyone running the clamav-milter might find advisory mode useful: this
patch makes the advisory-mode milter stick the virus name in a more
convenient place (an X-Virus-Infection-Name header, rather than the
subject line). Stuff in a header is easily ignored: a modified subject
isn't.

(Only lightly tested, but seems to work.)

diff -durN 0.80-orig/clamav-milter/clamav-milter.c
0.80/clamav-milter/clamav-milter.c
--- 0.80-orig/clamav-milter/clamav-milter.c 2004-10-11 01:59:12.000000000
+0100
+++ 0.80/clamav-milter/clamav-milter.c 2005-01-08 14:57:47.000000000 +0000
@@ -646,7 +646,7 @@
static void checkClamd(void);
static int sendtemplate(SMFICTX *ctx, const char *filename, FILE
*sendmail, const char *virusname);
static int qfile(struct privdata *privdata, const char *virusname);
-static void setsubject(SMFICTX *ctx, const char *virusname);
+static void setinfected(SMFICTX *ctx, const char *virusname);
static int clamfi_gethostbyname(const char *hostname, struct hostent *hp,
char *buf, size_t len);
static int isLocalAddr(in_addr_t addr);
static void clamdIsDown(void);
@@ -1049,7 +1049,6 @@
break;
case 'n': /* don't add X-Virus-Scanned */
nflag++;
- smfilter.xxfi_flags &= ~SMFIF_ADDHDRS;
break;
case 'N': /* Do we reject mail or silently drop
it */
rejectmail = 0;
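Review bot: with `smfilter.xxfi_flags &= ~SMFIF_ADDHDRS;` removed from the 'n' case, -n no longer drops the add-header capability in any configuration, including ones that never reach setinfected(). The new smfi_addheader call does need the flag, but it would be tighter to clear it after option parsing unless a mode that tags infected mail is enabled. The case comment still reads "don't add X-Virus-Scanned"; it and the option's documentation should say that X-Virus-Infection-Name can still be added under -n.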
@@ -2763,9 +2762,9 @@
else
cli_warnmsg(_("Can't set quarantine
user %s\n"), quarantine);
} else
- setsubject(ctx, virusname);
+ setinfected(ctx, virusname);
} else if(advisory)
- setsubject(ctx, virusname);
+ setinfected(ctx, virusname);
else if(rejectmail) {
if(privdata->discard)
rc = SMFIS_DISCARD;
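Review bot: the first replaced call is the `} else` fallback next to the "Can't set quarantine user" warning, not the `else if(advisory)` branch, so this path also stops tagging the subject and starts adding a header. The accompanying description only mentions advisory mode; the change to this fallback should be stated in the changelog and documentation, since anyone filtering on a "[Virus]" subject prefix in that setup will silently stop matching.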
@@ -3710,18 +3709,12 @@
}
/*
- * Store the name of the virus in the subject of the e-mail
+ * Store the name of the virus in the X-Virus-Infection-Name header
*/
static void
-setsubject(SMFICTX *ctx, const char *virusname)
+setinfected(SMFICTX *ctx, const char *virusname)
{
- char subject[128];
-
- /*
- * FIXME: doesn't work if there's no subject in the email
- */
- snprintf(subject, sizeof(subject) - 1, _("[Virus] %s"), virusname);
- smfi_chgheader(ctx, "Subject", 1, subject);
+ smfi_addheader(ctx, "X-Virus-Infection-Name", virusname);
}
/*
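Review bot: setinfected() calls smfi_addheader, which adds a header without touching any X-Virus-Infection-Name header already present in the incoming message, and the function is only reached for infected mail, so a sender-supplied copy passes through unchanged on clean mail. Downstream rules keyed on this header can therefore be triggered by the sender; incoming copies should be stripped or overwritten before the milter's own value is added. The return value of smfi_addheader is also discarded, so a failure (MI_FAILURE) leaves an infected message in advisory mode with no marking at all; log it at least. The removed code bounded the value with `char subject[128]` and snprintf, whereas virusname is now passed through unbounded and without a NULL check.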
--
`The sword we forged has turned upon us
Only now, at the end of all things do we see
The lamp-bearer dies; only the lamp burns on.'