On Sun, 2010-08-29 at 01:20 -0400, Phil Pennock wrote: > On 2010-08-27 at 14:41 +0100, John Horne wrote:
> > > > > > It seems that the InetMsg spamdomain third-party signatures are being > > > reported by ClamAV as (e.g.): > > > INetMsg.SpamDomain-2m.engduates_com.UNOFFICIAL(924747f3c8e4b999eb887c755839021b:457) > > > Our clamd log file shows the same name as being detected. > > > > > This is very plausible. The expected results from ClamAV are: > infected: -> "<filename>: <virusname> FOUND" > not-infected: -> "<filename>: OK" > error: -> "<filename>: <errcode> ERROR > > and the code does a strrchr() to find the colon. FWIW, this parsing has > not (yet) changed with the 4.73 ClamAV re-working, so an upgrade won't > help you. > > The documentation for ClamAV only documents the FOUND and OK cases and > states that "When a virus is found its name is printed between the > filename: and FOUND strings." > > Clearly the parse logic in Exim needs to be a little more careful. I'm > apparently in the middle of developing a head-cold which is messing up > my ability to think clearly, so don't feel that any code I wrote now > would be worth the electrons used to encode it. So, patches welcome. > :) > Okay, thanks for this, and I hope you get well soon. I've had a quick look at the code, and I think it should be possible to cater for this case. I'll bugzilla the problem, and submit a patch if I can devise one. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
